Cybercriminals target Apple IDs, financial credentials in phishing scams | Inquirer Technology

Cybercriminals target Apple IDs, financial credentials in phishing scams

/ 04:23 PM July 13, 2013

MANILA, Philippines – Cybercriminals are using fake Apple sites to try and trick users into submitting their Apple ID credentials, which would enable them to steal the users’ account login and access their  personal data, information and credit card numbers stored on their iCloud and iTunes accounts, according to a report that analyzed the increase of cybercriminal campaigns designed to steal Apple IDs by creating fraudulent phishing sites that try to imitate the official apple.com site.

An average of 200,000 attempts per day by users trying to access the phishing sites were detected from January 2012 through May 2013, a marked increase from 2011, which averaged only 1,000 detections per day, according to Kaspersky Lab, provider of effective digital security solutions for large enterprises, SMBs and consumers.

Kaspersky Lab’s web antivirus module detected and prevented its users from accessing the sites although the increase in detections showed how these scams were becoming more commonly used by cybercriminals for phishing campaigns.

Article continues after this advertisement

The company analyzed the cybercriminals’ behavior and patterns on a daily and monthly basis, noticing that fluctuations and increases in phishing attempts often coincided with large events from Apple.

FEATURED STORIES

For example, on Dec. 6, 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, an all-time record of more than 900,000 phishing attempts directing to fake Apple sites were detected in a single day.

The main distribution method used by cybercriminals to direct users to the fraudulent Apple sites are predominantly phishing emails posing as Apple Support with fake alias names in the “Sender” field, such as [email protected], according to the report.

Article continues after this advertisement

The messages would typically request users to verify their account by clicking on a link and entering their Apple ID information, it said.

Article continues after this advertisement

These emails are deceptively clever and professionally designed in order to make them appear authentic, including the use of Apple’s logo and presenting the message with similar formatting, coloring and style that Apple uses.

Article continues after this advertisement

Another variation of these phishing emails are designed to steal Apple customers’ credit card information. This is done by sending users an email requesting that they verify or update the credit card credentials attached to their Apple IDs, which can be done by clicking on a link in the message.

The link directs the user to a phishing site that imitates how Apple requests credit card information from their customers to fool users into inputting their credit card information and other personal information.

Article continues after this advertisement

Guidance to users: Identifying phishing websites and emails

One way to distinguish between real websites and counterfeit ones created for phishing purposes is to look at the address bar of the website, the report said.

While most counterfeit sites have the word “apple.com” as part of their address (URL), the address would not be verified by Apple and would include additional text in the URL.

However, identifying phishing sites become harder when users can’t see the full URL address, which is typically the case when iOS users are running Safari on their iPhone or iPad devices.

When users click on links from email messages on iOS devices the complete URL address is hidden from them when the page is downloaded and opened through Safari.

How Apple users can protect themselves against phishing scams

Users should verify email address aliases from Apple by checking the original sender address first. On a computer this can be done by mousing over the sender address field, which reveals the sender alias’ true email address.

When using a mobile device, users should touch the email alias from the sender, which expands the alias to show the full address of the sender.

To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user.

This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorized purchases using your Apple ID.

Unfortunately, this does not yet prevent cybercriminals from using stolen credit card data. Users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows.

Users who still want to use such links should carefully check their content and the address of the website they link to.

In addition, Mac users should use a security software package like Kaspersky Security for Mac as standard.

This will protect Mac users in real-time against viruses, trojans, spyware, phishing attempts and harmful websites, as well as preventing Macs from distributing Windows malware to friends and colleagues.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Further information on phishing attempts targeting Apple customers is available on Securelist.com

TOPICS: Apple, Cybercrime, infotech, IT, Kaspersky Lab, technology
TAGS: Apple, Cybercrime, infotech, IT, Kaspersky Lab, technology

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.