New Apple ID Phishing Effort Compromises Over 100 Sites

As highlighted by The Next Web, security firm Trend Micro yesterday outlined a new phishing scam that has seen the perpetrators compromise over 100 sites in their attempts to gain access to users' Apple ID accounts. While Apple IDs are relatively popular targets for phishing scams, Trend Micro's analysis offers some interesting detail on the approaches used by the criminals.

We’ve identified a total of 110 compromised sites, all of hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. Almost all of these sites have not been cleaned. [...]

We’ve seen attacks targeting not only American users, but also British and French users. Some versions of this attack ask not only for the user’s Apple ID login credentials, but also their billing address and other personal and credit card information. It will eventually result in a page that states that access has been restored, but of course the information has been stolen.

Trend Micro's sample of a spam message designed to trick recipients into sharing their account information at the compromised sites shows a very poor attempt at copying Apple's email style, but inexperienced Internet users are undoubtedly still falling for the scheme.

apple_id_phish
Trend Micro offers a number of suggestions to help users protect themselves from phishing scams, including checking for consistent domains throughout email addresses and links included in an email and checking for indicators that the user is at a secure site associated with the correct company.

While phishing scams rely on the gullibility of users to direct them to fake account management sites, Apple has sought to increase account security on its own site with its recent introduction of two-step verification to help minimize the possibility of an unauthorized party gaining access to a user's account. That feature is, however, only available in a handful of countries for the time being.

Top Rated Comments

MonkeySee.... Avatar
114 months ago
If any of you fall for that email, raise your hand and hit yourself with it.
Score: 32 Votes (Like | Disagree)
WestonHarvey1 Avatar
114 months ago
Why you email he sent, indeed.
Score: 27 Votes (Like | Disagree)
Kaibelf Avatar
114 months ago
Oh for Pete's sake! LOOK at the email. Putting a stupid Apple logo on the top doesn't mean people should suddenly lose the ability to see this obvious phishing attempt. By the way "inexperienced internet users" is irrelevant. The broken English and crazy wording should have been enough of a tip to ANY sensible person.
Score: 25 Votes (Like | Disagree)
Laird Knox Avatar
114 months ago
That email true is. They fix helped me my Loging correctly. You should send infos by next 48 hours!
Score: 10 Votes (Like | Disagree)
ks-man Avatar
114 months ago
Tim Cook is a supply chain and operations guy, not an English professor. He probably needed to quickly get this e-mail out to let the users know.

I, for one, am glad that I got this and was quickly able to get my security credentials in order. We'll see how much you are all laughing when your Apple IDs get closed down.
Score: 8 Votes (Like | Disagree)
Creep89 Avatar
114 months ago
Why you email he sent?

Yay, better enter my Apple ID.
Score: 8 Votes (Like | Disagree)

Popular Stories

iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...
Unlikely Products 2022 Feature

Six Rumored Apple Products You're Unlikely to See This Year

Saturday January 15, 2022 2:06 pm PST by
Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren't expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that's assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in...
AirPods Pro Gen 3 Mock Feature Red

AirPods Pro 2 Could Start a New Accessory Ecosystem

Friday January 14, 2022 2:34 am PST by
Apple's second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest. Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this...
netflix2

Netflix Again Raises Prices for All Plans, 4K Streaming Now $20 Per Month

Friday January 14, 2022 12:46 pm PST by
Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month. The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits ...
tesla carplay solution

Developer Showcases Apple CarPlay Workaround for Teslas

Monday January 17, 2022 7:24 am PST by
A Tesla Model 3 owner has resorted to a workaround to implement Apple CarPlay in his vehicle, amid no sign of official support from Tesla (via Tesla North). Apple CarPlay and Apple Music support are among the most-requested Tesla features, but with no indication that Tesla is willing to implement Apple CarPlay in its vehicles, Polish developer Michał Gapiński took matters into his own...
top stories 20220115

Top Stories: iPhone 14 Pro Rumors, iCloud Private Relay Controversy, iOS 15.2.1 Released, and More

Saturday January 15, 2022 6:00 am PST by
Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year. Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing...