
Thursday, May 9, 2013

Do you have an Apple ID? Better check if you’ve been a Phishing Target



Contrary to the belief that Apple is immune to viruses and phishing, phishers have now turned their fire on a relatively new target: Apple IDs.
 
 According to Trend Micro’s Trend Labs, “there was a consistent pattern to the URLs of these phishing sites. They are under a folder named ~flight. Technically, the sites were only compromised, but not hacked (as the original content was not modified). It’s possible, however, that the sites may be hacked or defaced if the site stays compromised.”


Interestingly, trying to access the folder itself will load the following page:

 Access the ~flight folder and this is what will come out on your screen.

Trend Micro has identified a total of 110 compromised sites, all of them hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. The directory contains pages that spoof the Apple ID login page fairly closely and ask not only for the user’s Apple ID login credentials, but also for their billing address and other personal and credit card information. Targets are then forwarded to a page stating that access has been restored, but of course the information has been stolen.


 The spoofed directory is as clean and as valid-looking as the original.

 Records show that 2013 saw a significant increase in phishing sites targeting Apple IDs. Interestingly, attacks are not exclusive to the US.
There is a big increase in phishing attacks, only 15 weeks into 2013

Detection is better than cure
According to Trend Micro, “one way to identify these phishing sites is that the fake sites do not display any indications that you are at a secure site (like the padlock and “Apple Inc. [US]” part of the toolbar).”

The secured Apple website: The screenshot above is from Chrome, but Internet Explorer and Firefox both have similar ways to indicate secure sites.

Check the legitimacy of a message by seeing whether its domains match. Legitimate messages have matching domains all around: where they were sent from and where any links go to.
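The domain-matching check described above, combined with the ~flight folder pattern and an HTTPS test standing in for the missing padlock, as an added example (not code from Trend Micro or from the original post). The sample message is constructed, and `site_of` is a hypothetical helper that approximates the registrable domain by its last two labels; a production check would use the Public Suffix List.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def site_of(host):
    # Assumption: the last two labels approximate the registrable domain.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_message(raw):
    """Return {url: [reasons]} for links that fail the checks in the article."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_site = site_of(sender.rpartition("@")[2])
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = {}
    for url in collector.hrefs:
        parts, reasons = urlsplit(url), []
        if site_of(parts.hostname or "") != sender_site:
            reasons.append("link domain differs from sender domain")
        if parts.scheme != "https":  # stand-in for the missing padlock
            reasons.append("not HTTPS")
        if "~flight" in parts.path.split("/"):  # folder named by Trend Micro
            reasons.append("path uses the ~flight folder")
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample message; hosts and addresses are illustrative only.
SAMPLE = """\
From: Apple <appleid@id.apple.com>
Subject: Your Apple ID has been disabled
Content-Type: text/html; charset="utf-8"

<a href="http://compromised.example/~flight/index.html">Restore access</a>
<a href="https://appleid.apple.com/">Manage your Apple ID</a>
"""
print(audit_message(SAMPLE))
```

A clean result does not prove a message is legitimate, since the From header itself can be forged; the check only catches the mismatch the article describes.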

“The mere appearance of the email isn’t enough to judge, as very legitimate-looking emails have been used maliciously. Users are likewise encouraged to enable the two-factor authentication that Apple ID recently introduced, for added protection,” Trend Micro said.
About Trend Micro
Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers.  A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. 

