New Phishing Attack Targets Users with Apple IDs Through Compromised Sites
A new report is urging web users to be cautious in their surfing habits as more than a hundred websites have been compromised by phishers who are seeking to steal visitors’ Apple IDs. The last two weeks have seen a significant spike in the number of phishing sites on the web targeting Apple IDs according to Trend Micro’s Security Intelligence blog. The blog pointed out on Tuesday that the newest trend appears to involve compromising a site and adding the phishing pages to a folder named ~flight. The files in the folder display a page designed to look like a login page for Apple’s services, encouraging the user to enter an Apple ID, credit card security code, and password.
The second part of the phishing attack relies on spam emails urging the recipient to submit their information for an “audit” and that their account would expire in 48 hours if they don’t. The email, which is designed to somewhat resemble an actual communication from Apple, links to the phishing page and prepares them to give up their login information.
As of right now, Trend Micro identified 110 compromised sites, all of which were hosted by the IP address 18.104.22.168. The address is one that is registered to a Houston-area ISP and almost none of the sites affected have been cleaned. As Apple IDs are typically tied to their owners’ credit cards, the security surrounding them is seemingly quite important. Apple gave users the option to enable two-factor authentication for their Apple IDs, making it necessary to verify a user’s identity before changing account options., or making purchases from a new device. According to Trend Micro, users should enable this option for added protection.
This new scam is just the latest in a line of phishing attacks targeting Apple customers. There have been several well-crafted phishing scams in the past that all encouraged users to give up their data, saying that their billing information records were “out of date.” Apple has been building anti-phishing measures into its Safari browser and improving iTunes account securities as a result.
Source: Trend Micro
) via The Next Web