Phishing for Apple

Security publisher Trend Micro uncovers massive phishing scheme involving Apple IDs.

To paraphrase an old expression: Give a man an apple and you feed him for a day; teach a man to phish apple IDs and you feed him for a lifetime -- with stolen data. That's what some bold phishers are hoping for, according to a new report by security intelligence company Trend Micro, which documents a major phishing scam that has already compromised 110 sites in a plan to steal Apple IDs.

Phony log-in pages phish for user IDs.

(Credit: Trend Micro)

According to Trend Micro, all of these sites are "hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area" and victims of the scam, both in the U.S. and abroad, have been not only asked for their Apple IDs and passwords, but also for their billing addresses and even credit card information. Users are often misdirected to these sites by spam.

Spam messages misdirect users to phony log-in pages.

(Credit: Trend Micro)

Before giving up your information, Trend Micro recommends that you always ensure that your browser bar displays a padlock icon indicating a secure connection, followed by "Apple Inc. [US]." They also suggest that you enable Apple ID's new two-factor authentication, which requires users to verify their IDs using one of their devices before making purchases or changes to their accounts.

CNET Top 5
Companies Apple could buy with their billions
Apple's sitting on a massive pile of cash. Here are five interesting ways they could spend it.
Play Video
 

Member Comments