More than a hundred websites have been compromised in an attempt to steal Apple IDs, according to security firm, Trend Micro.
According to Trend Micro, there has been a recent spike in phishing sites targeting Apple IDs. The Trend Micro blog indicates that there have been attacks on British and French users as well as American users, with some versions of the attack asking for the user’s Apple ID login credentials, along with their billing address and credit card information.
Users may be directed to the phishing sites via phishing emails that claim that the users Apple account will expire in 48 hours if they do not "conduct an audio of your information".
Looking at the text of the email obtained by TrendMicro it is clearly spam, as we know that Apple has better knowledge of grammar, and yet people do fall for these emails. Case in point: "Why you email he sent?"
Trend Micro emphasis that phishing sites that the email directs users to can be identified because they don't show the indications that they are legitimate, such as the padlock and Apple Inc. part of the toolbar.
Trend Micro claims that 110 legitimate sites have been compromised, and a phishing page added via a folder named ~flight. That makes it possible for the site to display a page that looks like an Apple login page. Trend Micro says that this is only a compromise, not a hack because the original content is not modified.
On visiting this page a user may mistakenly enter their Apple ID along with credit card security code and password.
Trend Micro has identified 110 compromised sites that are hosted by the IP address 126.96.36.199, which it says is registered to an ISP in the Houston area.
Trend Micro recommends that users enable the two-factor authentication recently introduced by Apple.
There have been a number of recent forum posts about the Apple phishing emails on the Apple Support Communities.
Poster AB Mac outlines the email that is doing the rounds.
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it. The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.
Wondering why you got this email? It's sent when someone adds or changes a contact email address for an Apple ID account. If you didn't do this, don't worry. Your email address cannot be used as a contact address for an Apple ID without your verification.
For more information, see our frequently asked questions.
Thanks, Apple Customer Support
Apple offers the following advice for avoiding phishing emails.
"As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email."
Apple provides the following tips if you do receive email that you're not sure is valid:
Find out who the email is really from - To view the header in the mail, you can hover over the name of the sender and see where it really came from.
Be cautious of links in the email – Mouse hover over the link and see where it is really pointing to.
Check that the website you're accessing is legitimate - Modern browsers display the company name in green if the site has been issued an Extended Validation (EV) Certificate and is a legitimate website/business. For example, you’ll see Apple Inc in green if you go to iCloud.com
Note the email greeting - Phishing emails start with generic phrases like "Dear valued customer" or your email account name, such as "Dear snookums123.
The message arrived at a different email address than the one you gave the sender – in our case it came through to a generic Macworld email address.
Keep previous history in mind – look through valid correspondence from the company and compare
Never email account information or credit card information if you are in doubt
Never provide personal account information through email.
Be cautious of attachments
Last April we wrote about a phishing scheme that offered loyal Apple Store fans £100.