
Clever Phishing Scam Targets Your Apple ID and Password

Posted on August 5th, 2016 by

Phishing scam web sites want Apple ID and password

Apple users need to be aware of an ongoing phishing campaign that appears to have been ramping up over the past couple of days. Scammers have found a clever way to generate phishing websites—and they're after your Apple ID and password.

What's happening is an active phishing campaign by way of fake Apple websites attempting to slurp up as many Apple IDs and passwords as possible. We've seen these types of phishing scams before, but the person or group behind this campaign appears to be very determined, creating tens and possibly hundreds of phishing websites all designed to steal your Apple ID and password.

Streams of these phishing pages have been uncovered over the past two days, and subsequently posted to Twitter by vigilant users in the security community:

Upon discovery, many of these phishing websites have, of course, been shut down. But the scam isn't over. New sites appear to be popping up, all registered under the same name, email address and country. One of the new scam sites is currently catching anti-phishing filters in some browsers, but not others.

For example, as of this writing Firefox does not alert visitors to a phishing attempt when they load one of the malicious sites:

appleid-verification dot com phishing site in Firefox browser

Google's Chrome browser will alert visitors of the deceptive site:

appleid-verification phishing site Google Chrome browser

Apple's Safari browser will also alert visitors of the suspected phishing site:

appleid-verification Phishing site Safari browser

The duplicating phishing site, which is popping up under numerous URLs, is so deceptive it even offers legitimate links to Apple.com in order to trick unsuspecting visitors into thinking the page is legit.
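The point above, that genuine Apple.com links on a page say nothing about who is serving it, can be checked mechanically. The following is an added example, not code from the original article; the allow-list and the sample HTML are constructed for illustration, and only the hostname comes from the screenshots described above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

APPLE_DOMAINS = ("apple.com", "icloud.com")  # assumption: small allow-list for this example

def is_apple_host(url):
    """True only if the hostname is an allow-listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Compare whole trailing labels; a substring test would accept look-alike names.
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

class _Collector(HTMLParser):
    """Collects link targets and form actions from a page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")

def assess(page_url, html):
    """Report who serves the page, how many links go to Apple, and where forms post."""
    c = _Collector()
    c.feed(html)
    links = [urljoin(page_url, h) for h in c.links]
    posts = [urljoin(page_url, f) for f in c.forms]  # relative actions post to the page's own host
    return {
        "page_is_apple": is_apple_host(page_url),
        "apple_links": sum(is_apple_host(u) for u in links),
        "forms_post_to_apple": all(is_apple_host(u) for u in posts) if posts else None,
    }

# Constructed sample: real-looking footer links, but the form posts back to the look-alike host.
SAMPLE_URL = "http://appleid-verification.com/"
SAMPLE_HTML = """
<a href="https://www.apple.com/privacy/">Privacy Policy</a>
<a href="https://www.apple.com/legal/">Terms of Use</a>
<form action="verify.php" method="post"><input name="password" type="password"></form>
"""

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_HTML))
```

The count of Apple links is deliberately reported separately: it is the page's own host and the form target that decide where a typed password goes.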

Therefore, as we head into the weekend, we strongly encourage everyone to be vigilant about where you enter personal information online. We will keep you updated as this story evolves, but in the meantime, there are a few things to keep in mind to stay safe.

How scammers trick you into visiting phishing sites

Phishing scams have been causing serious problems for email users seemingly forever. Most of the time, phishing emails arrive in your inbox (or junk email, depending on your rules) pretending to be from your bank, utility company or other online payment system you use. Those messages ask you to verify your accounts or to confirm your billing information, often leading victims to spoofed sites that ask you to update your credit card information or other identifying information.

Such scams originated sometime around the year 1995. Phishing emails and websites pretending to be from Apple are not as common, but they do happen.

You have probably seen Apple phishing emails in your email junk box—unfortunately, some of these bogus phishing emails can look very real. Just the other day I got one from a scammer phishing for my Apple ID. An email claiming to be from "Apple Inc" erratically tells me: "Notice of Expiry of Your apple ID ref U-54614."

The bogus email looked like this:

Phishing scam email contents

The first thing I noticed about this email was that it was sent to about 100 different email addresses, all of which I could see in the "To:" line—a warning sign of fraudulent intentions, especially for an email wanting me to verify my Apple ID intended for someone "trying to reset your password." You can also see in the email itself there are multiple grammatical errors, copyright dates are expired, and it presents a lame resemblance of what a valid email from Apple actually looks like.

Although the sender claims to be Apple Inc, a quick check to find out who the email is really from reveals it's not coming from Apple:

Phishing email from "Apple Inc"

It failed the grammar test and the "received from" test. And that's all I needed to know before hitting the delete button. But not all phishing attempts are so easily identified.
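The header checks described above (a crowded "To:" line, an "Apple Inc" display name on a non-Apple address, and the "received from" host) can be automated. This is an added example, not code from the original article; the allow-list, the recipient threshold and the sample message are constructed, with only the subject line taken from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

APPLE_DOMAINS = ("apple.com", "icloud.com")  # assumption: allow-list for this example
MAX_VISIBLE_RECIPIENTS = 10                  # assumption: threshold for a mass mailing

def in_apple_domain(name):
    """Accepts an address or a hostname; matches whole trailing labels only."""
    name = name.rpartition("@")[2].lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in APPLE_DOMAINS)

def triage(raw):
    """Return a list of warning strings for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    if "apple" in display.lower() and not in_apple_domain(addr):
        flags.append("From display name claims Apple but address is <%s>" % addr)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > MAX_VISIBLE_RECIPIENTS:
        flags.append("%d recipients visible in To/Cc" % len(rcpts))
    # The topmost Received header is the one stamped by your own mail server.
    # Its "from" name is supplied by the sender, so a non-Apple value is a
    # warning sign while an Apple-looking value proves nothing.
    hops = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", hops[0]) if hops else None
    if m and not in_apple_domain(m.group(1)):
        flags.append("handed to your server by %s" % m.group(1))
    return flags

# Constructed sample message (reserved .example domains, documentation IP range).
SAMPLE = (
    "Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.7])\r\n"
    "\tby mx.recipient.example; Fri, 5 Aug 2016 10:00:00 +0000\r\n"
    'From: "Apple Inc" <notice@bulk-sender.example>\r\n'
    "To: " + ", ".join("user%d@recipient.example" % i for i in range(100)) + "\r\n"
    "Subject: Notice of Expiry of Your apple ID ref U-54614\r\n"
    "\r\n"
    "Verify your account.\r\n"
)

if __name__ == "__main__":
    for warning in triage(SAMPLE):
        print(warning)
```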

Other phishing attempts come to you in the form of text messages in an attempt to steal your Apple ID and password. And some scams may use both SMS messages and emails, attacking you from multiple channels hoping to con you into believing this must be a valid attempt to save you in some way or another.

Phishing scams typically use social engineering techniques to trick you into giving up your personal information. Sometimes they begin with pretexting: The attacker will contact you under a pretext, perhaps based on a very real situation, such as the theft of your iPhone or iPad, designed to give you the impression that since they know what they already know, they must be authorized to know more. And sometimes it works. "Hook, line and sinker," as they say.

Take, for instance, Joonas Kiminki's unfortunate tale of his stolen iPhone. This happened merely weeks ago, and the result was an active attempt to steal his identity—specifically his Apple ID and password. After Joonas's iPhone was stolen, he got a new phone and life went back to normal. However, a couple of weeks later he received an SMS and an email notifying him that his phone was found, and to simply visit a website and log in to find the phone's location. You can read his experience on his blog at Hackernoon.com.

Fortunately, he didn't fall for the scam, but this is a perfect example of the kinds of phishing attempts we're seeing this week. Joonas cautioned why such scams would target your Apple ID, saying:

[Y]ou can’t activate an iPhone (or any iOS device for that matter) as long as it’s connected to someone’s iCloud account. However, when you steal a phone, you can perfect the crime by stealing the poor bastard’s identity as well. Then just log on to Find my iPhone, decouple the account from the device, and poof, you have an unlocked phone!

The moral of this story is that, if your phone is stolen, be aware that at some point in the near future you could receive an email and even an SMS message indicating that, surprise-surprise, your phone was "found," and that you need to visit such-and-such website and enter your Apple ID credentials to view your iPhone's location.

An example of this type of phishing page popped up just hours ago, and it may even be targeting Apple users whose iPhones were stolen:

How to protect yourself from phishing scams

There are many ways to protect yourself from phishing scams. Here are five of the best methods to protect your data and avoid getting duped:

  1. Stay aware of the types of websites you're visiting and who you receive emails from, and double check the validity of a site before you enter any personal information.
  2. Ensure that your iPhone and iPad have a passcode enabled, preferably a six-digit passcode (available on Apple devices running iOS 9), which makes it even harder to crack.
  3. You may even wish to enable the "Erase Data" passcode setting on your iPhone or iPad, which ensures that your device erases all data on it after 10 failed passcode attempts. (Just be sure to also back up your data to a cloud service provider, such as iCloud Drive, so if you lose your phone you can easily retrieve the data on it.)
  4. Add another layer of protection by enabling two-factor authentication for your Apple ID.
  5. Last but not least, some very sound advice from Joonas Kiminki: "If you ever lose your iPhone, iPad or iPod, be extra alert for upcoming identity theft attempts."
  • Rasmus

    IMO, Apple is doing a lot of the phishermen’s work for them. You don’t get the address when hovering links and they remove parts of the site’s address in the address bar. That anti-educates the users and makes them reliant on mighty Apple to keep them safe.

    Apple also has a nasty habit of buying many random domains, and feeding them information, so even tech-savvy users can be confused when a network monitor tells you about outgoing connections to icloud.com and digitalhub.com, despite you not using those services.

  • sonaliraq

    They’re also doing it by phone. I got a phone call from 844-869-7591 this morning, a guy with a heavy South Asian accent told me my apple account had been compromised and I need to go to onlinenetworksolution[dot]com to reset it.

  • Clara

    This is affecting anyone with appleid and without apple ids or without even apple products. My family and friends fell for it.

    And the virus scam are the worst.
    Best bet is not to click the link and if you are super curious call apple. They can assist you rid this.
    I find there are a lot of people out there portraying to be apple. Make sure to look at the phone number who is calling you and if you are uncomfy with sharing your remote advisor - shut your computer off. It makes it more difficult for stuff to get on your computer if it is off.

    I think my sister told me apple advisors can’t override your computer, meanwhile fraudulent sites can.

    Also don’t send money anywhere. Call apple support instead like the real number and disconnect whoever you have on the line. Non apple people will come across pushy because they want your money and sadly the elderly are very vulnerable to this

  • Susan Rosenberg

    On Feb. 14, 2017 I received a “phishing” phone call – claiming my appleid was compromised. 5 days later, I was unable to use my apple id, although apple was? I called back to the original number, was advised they do work for Apple (they don’t – it is a true scam), to go to this website: onlinetechnicalsolution[dot]com and allow them to “enter” my computer remotely. That did not happen, the website was clearly a scam and my browser informed me as such. The phone # they are calling from is: 1-844-885-0012. I was able to straighten out my account, ultimately and updated what I needed to to stay safe.

  • Cindy Sue Truman

    They are using http://www.support[dot]me— to get info and phone numbers calling from are 800 592-3169 and 941 845-9919. States 40 diff people are using my mail. They never ask who to speak with either. Hummmmmm

  • Tired of probes

    Why is Apple making this our problem? I get all sorts of phishing expeditions – I put it back on Apple – stop making me/us do all the grunt work.

  • Emile Jumean

    I constantly get “Apple ID reset” emails….to an email address that has no connection to my iTunes account. Nice try, Phishers.
