CyberCrimeSecurity

InfoSec 2016: Apple Users Targeted By Fake Domains

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Follow on: Google +
Google + Linkedin Subscribe to our newsletter Write a comment

Beware malicious websites posing as legitimate Apple presence, FireEye warns

British iPhone users have been warned to be wary of a rising number of phishing campaigns held on malicious websites impersonating real Apple domains.

Security researchers at FireEye found evidence of multiple websites being used to impersonate Apple’s online presence and carry out phishing attacks against Apple iCloud users in the US, China and UK.

The campaigns target the Apple IDs and passwords of Apple device users, which once harvested, can be used to gain entry to their accounts, and even combine this with stolen credit card information to impersonate the user and make purchases via the Apple Store.

Rotten

seagateFireEye says that these campaigns are unique as they are serving the same malicious phishing content from different domains to target Apple users.

It highlighted a number of particularly nasty phishing campaigns which impersonated Apple content, with one, named Zycode, mimicking websites related to iTunes, iCloud and Apple ID, including a phony login page that would allow the criminals to steal this information.

This fake access page would then also follow up with a false security question, which could also collect valuable information that could allow access to a user’s other accounts that use the same login details.

Another campaign specifically targeted Apple users in the UK, with 86 phishing domains noted since January 2016.

These pages loaded a false login page that closely resembled the official Apple access page, which when completed, tells the user that their account has been locked for “security reasons”. In order to unlock it, the user must enter a number of personal details, including the likes of name, date of birth, telephone numbers, addresses, credit card details and security questions, all of which could then be taken forward by the criminals to access the real accounts.

When observing the location information for the IP addresses used to create these pages, FireEye saw that they all pointed to locations within the UK, suggesting they were hosted here, creating a worrying situation for British users.

Despite being around for many years, phishing schemes remain popular among cyber-criminals looking for a quick and easy way to steal information.

A recent Verizon report discovered a major rise in phishing attacks over the past year, and that 30 percent of phishing messages were opened – up from 23 percent in the previous year – and 13 percent of these resulted in malware or some other nefarious backdoor being installed.

How much do you know about the world’s most notorious hackers? Try our quiz!