All the latest UK technology news, reviews and analysis


Phishing scam targets Apple ID users

30 Apr 2013
Apple logo

Apple users are being warned to stay vigilant following the discovery of a new series of phishing attacks targeting the Apple ID network.

Researchers at Trend Micro have uncovered a series of compromised sites that are being used to host fake login pages. Designed to resemble the Apple ID login screen, the pages ask users to enter both their usernames and passwords.

The compromised credentials are then believed to be harvested by the attackers for future use in account thefts.

Researchers noted that the phishing sites have been connected to a spam campaign as well. Designed to resemble an official Apple notification, the messages attempt to direct users to the phishing sites by warning of an impending account removal.

"We’ve seen attacks targeting not only American users, but also British and French users," wrote Paul Pajares, Trend Micro's fraud analyst.

"Some versions of this attack ask not only for the user's Apple ID login credentials, but also their billing address and other personal and credit card information."

Though the pages themselves are designed to closely resemble the Apple ID site, researchers note that the address information itself can easily be spotted. Aside from not matching Apple's own domains, the pages do not use the secure connection required by Apple to log into its ID platform.

In addition to using best practices to avoid spam sites, users can protect themselves from account theft by activating Apple's new two-factor authentication platform.

Introduced by the company last month, the security tool pairs an account with a user's mobile phone and asks for a one-time use numerical code, which is sent via SMS. Such two-factor controls have long been advocated by security experts for their ability to prevent account loss even when a user's login credentials are stolen.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Microsoft Azure outage

Is cloud computing reliable enough for business yet?
9%
7%
17%
67%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Financial Consultant - Liquidity

Purpose of The Role To support Treasury department...

Senior Mobile Web Developer- London, .Net, Mobile

Senior Mobile Web Developer- London, C#, .Net, Mobile...

MongoDB Development Lead (MEAN Stack)

My Client, one of the world’s largest online super powers...

Linux System Administrator

Job purpose To support the Operations manager in resolving...
To send to more than one email address, simply separate each address with a comma.