Apple iCloud users have been warned to be on their guard against phishing attacks targeting the UK that seek to gain account information, including credit card data.
Security company FireEye uncovered evidence of the attacks after noticing that 86 domains were set up in the first quarter of 2016 to host pages that pose as the Apple iCloud log-in page.
People clicking on a link sent by the crooks are taken to a page that looks on the surface to be the legitimate log-in page as it has the same design and imagery of the real Apple log-in page (see fake version below). However, as you can see in the image, the URL is clearly fake.
If a user inputs their ID and password they are told that their entire details are needed again, including financial data, for 'security reasons'.
Once this is done the victim is then sent to the real Apple authentication page to add legitimacy to the scheme. By this time he or she has given the hackers their entire account and financial data.
FireEye said it is clear that cyber crooks are deliberately targeting UK users of the iCloud platform with this particular campaign.
“This campaign [in the UK] used sophisticated evasion techniques (such as code obfuscation) to evade phishing detection systems and, whenever successful, was able to collect Apple IDs and personal and credit card information from its victims,” the firm said.
A blog post by FireEye also noted that similar attacks are occurring in China, which is another major market for Apple, as criminals prey on the naivety of some web users.
Phishing, despite its simplicity, remains a major threat for everyone, including big corporations. A recent phishing attack netted £40m after tricking a chief executive into authorising a payment.
Comes just week after firm announced plans to bin the service
Details of a trio of Intel Coffee Lake CPUs leaked
Ding-dong Adobe Flash is dead
Ultra-high-end all-in-one PCs from HP feature either 24-inch or 27-inch displays