To paraphrase an old expression: Give a man an apple and you feed him for a day; teach a man to phish apple IDs and you feed him for a lifetime -- with stolen data. That's what some bold phishers are hoping for, according to a new report by security intelligence company Trend Micro, which documents a major phishing scam that has already compromised 110 sites in a plan to steal Apple IDs.
According to Trend Micro, all of these sites are "hosted at the IP address 220.127.116.11, which is registered to an ISP in the Houston area" and victims of the scam, both in the U.S. and abroad, have been not only asked for their Apple IDs and passwords, but also for their billing addresses and even credit card information. Users are often misdirected to these sites by spam.
Before giving up your information, Trend Micro recommends that you always ensure that your browser bar displays a padlock icon indicating a secure connection, followed by "Apple Inc. [US]." They also suggest that you enable Apple ID's new two-factor authentication, which requires users to verify their IDs using one of their devices before making purchases or changes to their accounts.