Contrary to the belief that Apple is immune to viruses and phishing, phishers have now turned their fire on a relatively new target: Apple IDs.
According to Trend Micro’s Trend Labs, “there was a consistent pattern to the URLs of these phishing sites. They are under a folder named ~flight. Technically, the sites were only compromised, but not hacked (as the original content was not modified). It’s possible, however, that the sites may be hacked or defaced if the site stays compromised.”
Interestingly, trying to access the folder itself will load the following page:

Access the ~flight folder and this is what will come out on your screen.
Trend Micro has identified a total of 110 compromised sites, all hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. The directory contains pages that spoof the Apple ID login page fairly closely and ask not only for the user’s Apple ID login credentials, but also for their billing address and other personal and credit card information. The page then forwards targets to a page stating that access has been restored, but of course the information has been stolen.
The spoofed directory is as clean and as valid-looking as the original.
Records show that 2013 saw a significant increase in phishing sites targeting Apple IDs. Interestingly, attacks are not exclusive to the US.

There is a big increase in phishing attacks, only 15 weeks into 2013.
Detection is better than cure
According to Trend Micro, “one way to identify these phishing sites is that the fake sites do not display any indications that you are at a secure site (like the padlock and “Apple Inc. [US]” part of the toolbar).”
The secured Apple website: The screenshot above is from Chrome, but Internet Explorer and Firefox both have similar ways to indicate secure sites.
Check the legitimacy of messages by seeing whether their domains match. Legitimate messages have matching domains all around: where they were sent from and where any links go to.
“The mere appearance of the email isn’t enough to judge, as very legitimate-looking emails have been used maliciously. Users are likewise encouraged to enable the two-factor authentication that Apple ID recently introduced, for added protection,” Trend Micro said.
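The checks described above (matching domains, a secure connection, and the ~flight folder pattern) can be applied to a message automatically. The following is an added example, not code from Trend Micro; the sample message, its host names and the function names are constructed for illustration, and the domain comparison is a simple last-two-labels match rather than a full public-suffix lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = """\
From: Apple Support <support@apple.com>
To: user@example.org
Subject: Your Apple ID has been suspended
Content-Type: text/plain

Restore access: http://compromised.example/~flight/index.html
Help pages: https://appleid.apple.com/
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def base_domain(host):
    # Assumption: the last two labels identify the registrable domain.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Return [(url, [reasons])] for every link that fails a check."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_dom = base_domain(sender.rpartition("@")[2])
    # Collect the text of every non-container part (handles multipart mail).
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart()
    )
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        reasons = []
        if base_domain(parts.hostname or "") != sender_dom:
            reasons.append("link domain differs from sender domain")
        if parts.scheme.lower() != "https":
            reasons.append("not HTTPS, so no padlock would be shown")
        if "~flight" in parts.path.split("/"):
            reasons.append("path contains the ~flight folder")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in check_message(SAMPLE):
        print(url, "->", "; ".join(reasons))
```

A clean result does not prove a message is legitimate, since the From header can be forged and a phishing page can be served over HTTPS.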
About Trend Micro

Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.