Apple users should be extra-cautious when sharing personal data. This warning from the IT security firm Kaspersky Lab comes after months of escalated phishing campaigns in which cyber criminals request and then steal user account information for iCloud and iTunes, as well as credit card details.
Success often attracts copycats – and this is something Apple is learning. According to Kaspersky Lab, the number of phishing attempts involving copies of Apple’s official website, apple.com, has escalated sharply since the beginning of 2012. Whereas, in 2011, the Kaspersky Security Network was registering an average of 1,000 of these attempts per day, there are now an average of 200,000 per day.
There are, however, enormous daily fluctuations, with cyber criminals clearly timing their phishing attempts precisely to Apple’s marketing. On December 6, 2012, after the opening of iTunes stores in India, Turkey, Russia, South Africa and another 52 countries, Kaspersky Lab detected an all-time record – over 900,000 phishing attempts on Apple users in a single day.
Email traps
The methods used by cyber criminals to access Apple user data are by no means new. They include sending emails purporting to come from [email protected] or Apple Customer Support. These emails are usually professionally written, feature the Apple logo, and may even include links to “Frequently Asked Questions” in order to convince sceptical users. The emails also contain links to faked Apple websites, where users are requested to enter their Apple ID and/or password. This information is then stolen and misused by cyber criminals.
In another variation, Apple customers have their credit card data stolen directly. This is done by sending users an email requesting they verify the credit card information attached to their Apple IDs. They are then asked for their credit card type and number, as well as its expiry date, the card verification code, their date of birth, and potentially other identifying details.
How to identify phishing sites
One way to distinguish between real websites and counterfeits created for phishing purposes is to look at the address bar. While most counterfeit sites have the word “apple.com” as part of their address (URL), experienced users should – at least at second glance – be able to detect forgeries by examining the complete address.
Things become more difficult when the address bar cannot be seen. This is the case with the Safari browser used on mobile devices like the iPhone and iPad. Fraudsters can also construct websites in such a way that the genuine address is incorporated into the site as an image, which is displayed at the top of the screen as expected.
Apple users against counterfeiters
Users should first check whether any emails they receive requesting them to enter certain information actually come from Apple. By mousing over the address field, the true sender is displayed. Users can thus determine whether or not the email in question was sent by Apple.
To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user. This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorised purchases using your Apple ID.
Unfortunately, this does not yet prevent cyber criminals from using stolen credit card data. Users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows. Users who still want to use such links should carefully check their content and the address of the website they link to. In addition, Mac users should use a security software package like Kaspersky Security for Mac as standard. This will protect Mac users in real-time against viruses, trojans, spyware, phishing attempts and harmful websites, as well as preventing Macs from distributing Windows malware to friends and colleagues.
Further information on phishing attempts targeting Apple customers is available in the blog post: http://www.securelist.com/en/blog/8108/Apple_of_discord
