New phishing attempt mimics Apple support

A new malicious effort by cyber criminals is making the rounds, mimicking Apple’s user account management site in an attempt to steal Apple IDs.

With a stolen Apple ID, a criminal can potentially log into your iCloud account and gain access to email and contacts, as well as use remote services to lock or wipe your Mac or iDevices. In addition, if you use your iCloud account as the main registration for various online services, then this may be used to gain access to those services as well.

The malicious attempt is sent out as a phishing e-mail with the subject “Update Your Account” that reads:

Dear Customer,
We have recently updated our website database and new security feature has been added for effective order and shipping. Please Click www.apple.com/upgrade, to update your account information within 24hours.
Thanks,
Apple Team
Fake Apple ID reset

The phishing site’s address is different, and is not authenticated by a certificate.

As with most phishing e-mails and notices, this one has its obvious grammatical errors; however, if you open the included link you will find a well-done mock-up of Apple’s login page for Apple ID holders:

This attempt is clearly a site rip of the UK version of Apple’s Web site, as most links on it redirect to Apple’s main site. If you enter information in the Apple ID area, then you will be redirected to another malicious site that asks for your billing address and information, again mimicking Apple’s “Apple ID” site. After submitting information on this second site, you will simply be redirected to Apple’s main Web page, in a clear attempt to disguise this activity.

Apple ID valid certificate

Apple’s legitimate accounts management site shows a green button that, when clicked, will show the valid certificate for the session.

Luckily, Safari and other browsers should identify this phishing attempt and warn you with anti-phishing warnings either before you load the site, or when you try to use any submission forms in the site; however, it may be best practice to not depend on these, and instead use proactive measures to recognize potentially malicious sites.

Any time you are entering sensitive information in a Web site, be sure to check for the presence of a legitimate certificate, and also that the site’s URL is from the domain you are doing business with. For example, in this situation, the desired domain should be “apple.com”; however, the phishing page is hosted at “transportbegeleidinghaarlem.nl” and does not show any verified certificate in Safari’s address bar.
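The same domain check can be applied to the links in a message before you click anything. The Python sketch below is an added example, not part of the original article: it lists every link in an HTML e-mail and flags those whose real destination is not under the expected domain, including the case where the visible text names one host and the link goes to another. The sample message is constructed from the e-mail quoted above; the link path, the second and third links, and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the quoted e-mail's link text, a genuine link, and a look-alike host.
SAMPLE_EMAIL = (
    '<p>Please Click <a href="http://transportbegeleidinghaarlem.nl/PLACEHOLDER">www.apple.com/upgrade</a></p>'
    '<a href="https://appleid.apple.com/">Manage your Apple ID</a>'
    '<a href="http://apple.com.example.net/">Sign in</a>'
)

def host_of(text):
    """Hostname of a URL or URL-like string ("www.apple.com/upgrade"), else None."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:  # malformed network location
        return None
    host = host.rstrip(".")
    return host if "." in host and " " not in host else None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)  # label boundary, not a bare suffix

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, expected="apple.com"):
    """Return (real_host, shown_host, verdict) for each link in the message."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        ok = real is not None and in_domain(real, expected)
        # Visible text naming a different host than the href is the stronger signal.
        verdict = "ok" if ok else ("mismatch" if shown and shown != real else "off-domain")
        results.append((real, shown, verdict))
    return results
```

Running `audit_links(SAMPLE_EMAIL)` marks the first link as a mismatch, the second as ok, and the third as off-domain, because a host that merely begins with “apple.com” is not under apple.com.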

Phishing warning in Safari

This warning should appear in Safari if you visit the phishing site.

Safari anti fraud settings

Ensure this box is checked in Safari’s preferences to enable anti-fraud checking.

If you are ever in doubt about a link that is sent to you in an e-mail, then you can always quit your e-mail client and visit the site directly by typing in the URL to your Web browser. This approach will ensure you are getting to the site you intend, instead of being taken to a malicious alternative.
