So far this fall, we’ve seen a spike in mobile phishing campaigns and malware attacks targeting Apple users. These phishing campaigns do not appear to be localized, and Apple is aware of this—having issued an official apology with recommendations to a “small number of users” in China. Both Alipay and WeChat reported that affected users had their accounts compromised in a phishing scam—before the hackers accessed their accounts and made purchases. Though these events have not been linked and may be unrelated—they further illustrate the increase in targeted attacks on Apple users.
Attention Apple ID Users: Beware of Phishing Links
A trend forming among newly identified phishing URLs shows bad actors sending fraudulent emails informing Apple ID users of outdated Apple ID information or problems with billing. The emails and internal links attempt to deceive Apple ID users into “verifying” account information. When the user proceeds to log in, the form hands over the access credentials for their accounts.
The following image shows the fake landing page with a form designed to trick users into entering their credentials to access their Apple ID account. The landing page uses an outdated styling of the Apple ID login page and a phishing form that passes your sensitive information directly on to the perpetrators of the attack.
Upon careful scrutiny, it should be pretty straightforward to recognize the phishing scam.
While both mobile pages display a “lock” representing an SSL certificate and ‘icloud.com’ in the URL—the example on the right is one of the phishing landing pages being used in these scams. The actual TLD used in this example is .live. This just reinforces the importance of checking the entire URL and only entering personal information on trusted web pages.
This example is also tailored specifically for mobile users—taking advantage of the smaller user interface that potentially obscures URLs. When that same URL (hxxps://icloud.com.pin15.live/A4513B) is visited from a desktop browser, it results in a customized 404 response page—intentionally crafted by the phishing team.
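To make the "check the entire URL" point concrete, here is an added example (not zvelo's or Apple's code) that reads a hostname from the right and flags a trusted domain that appears only in the left-hand labels, as in the URL above. The trusted list, the short multi-label suffix set (a stand-in for the full Public Suffix List) and all sample URLs except the one quoted on this page are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.cn"}
# Assumption: the domains the user actually expects to sign in on.
TRUSTED = {"icloud.com", "apple.com"}


def refang(url: str) -> str:
    """Turn a defanged 'hxxp(s)://' indicator back into a parseable URL."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def registrable_domain(host: str) -> str:
    """Return the public suffix plus one label, e.g. 'pin15.live'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's hostname."""
    host = urlsplit(refang(url)).hostname or ""
    if registrable_domain(host) in trusted:
        return "trusted"
    padded = "." + host.lower() + "."
    # A trusted domain showing up as whole labels anywhere else in the host is
    # bait: ownership is decided by the rightmost labels, not the leftmost.
    if any("." + t + "." in padded for t in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # First URL is the one quoted on this page; the rest are constructed samples.
    for u in ["hxxps://icloud.com.pin15.live/A4513B",
              "https://www.icloud.com/",
              "https://appleid.apple.com.example.co.uk/login",
              "https://example.org/icloud.com"]:
        print(f"{classify(u):10} {u}")
```

A "lookalike" verdict means the brand name is present but the registrable domain belongs to someone else, which is the case a truncated mobile address bar hides.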
Protect Yourself: Tips and Best Practices To Avoid Phishing Scams
Of course, zvelo will continue monitoring for new phishing URLs and update the zveloDB URL database for our global network. In the meantime, we thought we’d just revisit some tips and best practices for staying safe as new phishing trends emerge.
- Always scrutinize emails from unknown sources before opening them
- Always double-check the URL of a link in an email before visiting the page or downloading a document
- Always analyze the full-path URL before entering any personal/private information into a webpage or online form
- If you receive an unsolicited notification for one of your existing accounts—take the safe route. Instead of clicking on a potentially compromising link in an email—access your account directly from a trusted device and network. Treat notification emails as just that… notifications
- Turn on and use Two Factor Authentication (2FA) on your sensitive accounts
- If you have found a phishing URL you can report it directly to Apple at [email protected]
- Alternatively, you can check the status of a phishing page at https://tools.zvelo.com. If you think the page is a phishing URL and it is not properly categorized—then submit it as a “miscategorization”
For more best practices and updates directly from Apple, visit: https://support.apple.com/en-us/HT201679
Stay safe online! If you’re behind on the latest Cybersecurity jargon, check out our Glossary of Cyber Threat Definitions!