Hackers Keep Phishing for Apple IDs
People spend a lot of money on iTunes and Apple's App Store, so it's not surprising that their Apple IDs would prove tempting targets for hackers.
A number of users in the United States, the United Kingdom and France have received suspicious emails claiming to represent Apple. The emails encourage them to follow a link and share their login credentials. But rather than securing their accounts, this action will seal their fate as victims of an easily avoidable phishing attack.
According to a report from the TrendLabs Security Intelligence Blog (part of the Japanese anti-virus firm Trend Micro), the phishers are making use of 110 different compromised pages, all mimicking the official "My Apple ID" site.
These phony pages ask users for their Apple IDs and passwords, sometimes requiring a credit-card number and security code as well.
Although the sites do a passable job of replicating the look and feel of Apple's official website, a careful eye can spot something rotten from a mile away.
The site names listed in the URL bars are often nonsensical and have nothing to do with Apple's official site, and Web browsers will not deem the pages "secure" (Chrome, for example, will verify a page's security by displaying a green padlock next to the URL).
This is not the first time that hackers have phished for Apple IDs. In October 2012, hackers tried an almost identical email scam, complete with spelling errors and look-alike login sites.
The emails themselves do not look much more convincing, sporting subjects like "Apple security ! error detected" — not exactly the kind of slick professionalism you'd expect from the most popular tech brand on the market.
With capitalization errors and broken English phrases like "Why you e-mail he sent?" in the text, even a cursory reading of the email will reveal its ill intent.
Apple's two-step verification, which it released last month, is the second-best defense against scams like this (the first being a judicious application of common sense).
This process will send a second verification code to a mobile device of your choice each time you need to log into iTunes or the App Store with your Apple ID.
This way, even if you accidentally enter your Apple ID and password into a malicious site, hackers will be unable to access your account. At this point, changing your password (and, if necessary, canceling your credit card) will prevent any financial foul play.
Two-step verification does not protect other iCloud services, such as email and Find My Phone, so hackers could still extract a good deal of sensitive information.
There are plenty of very intelligent ways hackers can steal your information online; this one is not especially clever. Read your email carefully, check the URL before using your Apple credentials and activate two-step verification, and you're just about guaranteed to avoid this threat.