New phishing attempt mimics Apple support

BurnIconXA new malicious effort by cyber criminals is making the rounds, which mimics Apple’s user account management site in an attempt to steal Apple IDs.

With a stolen Apple ID, a criminal can potentially log into your iCloud account and gain access to email and contacts, as well as use remote services to lock or wipe your Mac or iDevices. In addition, if you use your iCloud account as the main registration for various online services, then this may be used to gain access to those services as well.

The malicious attempt is sent out as a phishing e-mail with the subject “Update Your Account” that reads:

Dear Customer,
We have recently updated our website database and new security feature has been added for effective order and shipping. Please Click, to update your account information within 24hours.
Apple Team
Fake Apple ID reset

The phishing site’s address is different, and is not authenticated by a certificate (click for larger view).

As with most phishing e-mails and notices, this one has its obvious grammatical errors; however, if you open the included link you will find a well-done mock-up of Apple’s login page for Apple ID holders:

This attempt is clearly a site rip of the UK version of Apple’s Web site, as most links on it redirect to Apple’s main site. If you enter information in the Apple ID area, then you will be redirected to another malicious site that asks for your billing address and information, again mimicking Apple’s “Apple ID” site. After submitting information on this second site, you will simply be redirected to Apple’s main Web page, in a clear attempt to disguise this activity.

Apple ID valid certificate

Apple’s legitimate accounts management site shows a green button, that when clicked will show the valid certificate for the session.

Luckily, Safari and other browsers should identify this phishing attempt and warn you with anti-phishing warnings either before you load the site, or when you try to use any submission forms in the site; however, it may be best practice to not depend on these, and instead use proactive measures to recognize potentially malicious sites.

Any time you are entering sensitive information in a Web site, be sure to check for the presence of a legitimate certificate, and also that the site’s URL is from the domain you are doing business with. For example, in this situation, the desired domain should be “;” however, the phishing page is hosted at “,” and does not show any verified certificate in Safari’s address bar.

Phishing warning in Safari

This warning should appear in Safari, if you visit the phishing site.

Safari anti fraud settings

Ensure this box is checked in Safari’s preferences, to enable anti-fraud checking.

If you are ever in doubt about a link that is sent to you in an e-mail, then you can always quit your e-mail client and visit the site directly by typing in the URL to your Web browser. This approach will ensure you are getting to the site you intend, instead of being taken to a malicious alternative.

One thought on “New phishing attempt mimics Apple support

Comments are closed.