Usually when we talk about Apple-related security threats the dialog centers on an unaddressed bug or overlooked exploit in iOS or OS X. The latest has less to do with software errors and everything to do with deception.
" />

Don’t fall for this deceptive Apple ID phishing scam

Usually when we talk about Apple-related security threats the dialog centers on an unaddressed bug or overlooked exploit in iOS or OS X. The latest has less to do with software errors and everything to do with deception. A new phishing scheme has been uncovered that mimics an Apple ID sign-in page in order to steal sensitive personal data.

ea-apple-phish-resized

The malicious page is hosted on a server registered to EA’s website. The game publisher has several titles for iOS, but it is unclear exactly how or why the fake login page is found here. It also isn’t clear exactly how scammers are luring their potential victims to this page, but it’s typical to receive the link via an email, usually one claiming there is some urgent need to update or verify information associated with an account.

Once landing on the page, users who do enter their Apple ID credentials will then be taken to a second page where they will be asked to enter information like name, address, and even credit card info. The scary part is that even the most eagle-eyed observer couldn’t be blamed for not batting an eye at the fake site. It is fairly spot-on.

apple-id-sign-ing

The bottom line: be careful when asked to enter account credentials, especially if being asked via a suspicious email. Check the URL. Check to see if other links in the page are valid. Where do URLs point to when you hover your cursor over links? If it smells fishy, it might be phishy.

For now EA claims to have addressed the issue that led to the dubious site ending up on their servers. The company says it will investigate the matter further.

[via Netcraft]

Continue reading:

TAGS: