Apple phishing scam targets UK users
SECURITY FIRM FireEye has warned that a new phishing scam is gunning after iCloud users in the UK in a bid to pilfer credit card details.
FireEye uncovered evidence of the attacks after noticing that 86 domains were set up in the first quarter of 2016 to host pages that pose as Apple's iCloud log-in page.
People clicking on a link sent by crooks are taken to a page that looks on the surface to be the legitimate log-in page as it has the same design and imagery of the real Apple log-in page.
If a user inputs their ID and password they are told that their entire details are needed again, including financial data, for 'security reasons'.
Once this is done, the victim is then sent to the real Apple authentication page to add legitimacy to the scam. By this time it's too late, though, as the hackers already have their glove-wearing mitts on their entire account and financial data.
FireEye said it is clear that cyber crooks are deliberately targeting UK users of the iCloud platform with this particular campaign.
"This campaign [in the UK] used sophisticated evasion techniques (such as code obfuscation) to evade phishing detection systems and, whenever successful, was able to collect Apple IDs and personal and credit card information from its victims," the firm said.
The security firm also noted that similar attacks are occurring in China, which is another major market for Apple, as criminals prey on the naivety of some web users.
Phishing, despite its simplicity, remains a major threat for everyone, including big corporations. A recent phishing attack netted £40m after tricking a chief executive into authorising a payment.
What our customers say about us
A 1TB hard drive failure with many valued photographs led me to R3. Very impressed with their calm professional approach, rapid courier collection and excellent ongoing email updates with full data recovery. Price? Well, what price memories? Highly recommended.