Phishing for Apple

Security publisher Trend Micro uncovers massive phishing scheme involving Apple IDs.

To paraphrase an old expression: Give a man an apple and you feed him for a day; teach a man to phish apple IDs and you feed him for a lifetime -- with stolen data. That's what some bold phishers are hoping for, according to a new report by security intelligence company Trend Micro, which documents a major phishing scam that has already compromised 110 sites in a plan to steal Apple IDs.

Phony log-in pages phish for user IDs. (Credit: Trend Micro)

According to Trend Micro, all of these sites are "hosted at the IP address, which is registered to an ISP in the Houston area" and victims of the scam, both in the U.S. and abroad, have been not only asked for their Apple IDs and passwords, but also for their billing addresses and even credit card information. Users are often misdirected to these sites by spam.

Spam messages misdirect users to phony log-in pages. (Credit: Trend Micro)

Before giving up your information, Trend Micro recommends that you always ensure that your browser bar displays a padlock icon indicating a secure connection, followed by "Apple Inc. [US]." They also suggest that you enable Apple ID's new two-factor authentication, which requires users to verify their IDs using one of their devices before making purchases or changes to their accounts.

About Joshua Rotter

Joshua Rotter is a copy editor for and covers iOS.