An Apple ID is provided to all of Apples customers, allowing users access to services such as iCloud, the iTunes Store, and the App Store. According to FireEye, anyone with access to an Apple ID, password, and some additional information, can take over the device and use the credit card information to impersonate the user and make purchases via the Apple Store.
One of the phishing kits found by FireEye, named zycode, targeted Apple users in China by replicating over 30 Apple domains, appearing as an Apple login interface for Apple ID, iTunes, and iCloud designed to lure people into submitting their Apple IDs.
FireEyes email attacks research team found another targeted phishing campaign against Apple users in the UK, with 86 Apple phony phishing domains observed since January 2016. The phony domains have been serving the same phishing content with a user redirected to what appears to be a legitimate Apple website.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now