More than a hundred websites have been compromised in an attempt to steal Apple IDs, according to security firm Trend Micro.
According to Trend Micro, there has been a recent spike in phishing sites targeting Apple IDs. The Trend Micro blog indicates that there have been attacks on British and French users as well as American users, with some versions of the attack asking for the user's Apple ID login credentials, along with their billing address and credit card information.
Users may be directed to the phishing sites via phishing emails that claim that the user's Apple account will expire in 48 hours if they do not "conduct an audio of your information".
Looking at the text of the email obtained by Trend Micro, it is clearly spam, as we know that Apple has a better knowledge of grammar, and yet people do fall for these emails. Case in point: "Why you email he sent?"
Trend Micro emphasises that the phishing sites the email directs users to can be identified because they lack the indicators of a legitimate site, such as the padlock and the "Apple Inc." part of the toolbar.
Trend Micro claims that 110 legitimate sites have been compromised, with a phishing page added via a folder named ~flight. That makes it possible for the site to display a page that looks like an Apple login page. Trend Micro says that this is only a compromise, not a hack, because the original content is not modified.
On visiting this page, a user may mistakenly enter their Apple ID along with their credit card security code and password.
Trend Micro has identified 110 compromised sites that are hosted by the IP address 126.96.36.199, which it says is registered to an ISP in the Houston area.
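For site owners, the ~flight folder described above is something to look for in web server access logs. The following is an added example (not from Trend Micro or the original article) that flags requests touching that folder, including percent-encoded forms such as %7Eflight; the combined log format, the file names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Folder name reported by Trend Micro for the injected phishing pages.
PHISH_DIR = "~flight"

# Assumed common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2013:10:00:01 +0000] "GET /~flight/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/May/2013:10:00:40 +0000] "POST /%7Eflight/login.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/May/2013:10:02:13 +0000] "GET /shop/%7EFlight/ HTTP/1.1" 404 210',
    '192.0.2.44 - - [01/May/2013:10:03:00 +0000] "GET /flights/index.html HTTP/1.1" 200 900',
]

def path_segments(target):
    """Return the percent-decoded, lower-cased path segments of a request target."""
    path = unquote(urlsplit(target).path)  # query string is dropped by urlsplit
    return [seg.lower() for seg in path.split("/") if seg]

def find_phish_hits(lines):
    """Summarise requests whose path contains the injected folder as a whole segment."""
    hits = defaultdict(lambda: {"served": 0, "posts": 0, "clients": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        segs = path_segments(m["target"])
        if PHISH_DIR not in segs:
            continue  # e.g. /flights/ is not a match
        # Group by the path up to and including the folder.
        prefix = "/" + "/".join(segs[: segs.index(PHISH_DIR) + 1])
        entry = hits[prefix]
        if m["status"].startswith("2"):
            entry["served"] += 1  # content was actually returned from the folder
        if m["method"] == "POST":
            entry["posts"] += 1   # a form was submitted to something in the folder
        entry["clients"].add(m["client"])
    return dict(hits)

if __name__ == "__main__":
    for prefix, info in find_phish_hits(SAMPLE_LOG).items():
        print(prefix, info["served"], info["posts"], sorted(info["clients"]))
```

A non-zero "served" count for a folder the site owner did not create is the signal to inspect the web root; requests that only return 404 indicate probing rather than a page being hosted.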
Trend Micro recommends that users enable the two-factor authentication recently introduced by Apple.
There have been a number of recent forum posts about the Apple phishing emails on the Apple Support Communities.
Poster AB Mac outlines the email that is doing the rounds.
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it. The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.
Wondering why you got this email? It's sent when someone adds or changes a contact email address for an Apple ID account. If you didn't do this, don't worry. Your email address cannot be used as a contact address for an Apple ID without your verification.