Posted by: David Harley | July 8, 2013

Apple Phishing Phakery

I came across a report – Apple of Discord – by Kaspersky’s Nadezhda Demidova about a dramatic rise in phishing attacks aimed at the owners of Apple device users. The victims are misdirected to fake Apple sites, and the report states that detections of such sites per day have risen from around 1000 per day in 2011 to an average of 200,000 per day over the last 18 months or so, and the criminals are clearly interested in iCloud and iTunes contents and credentials, as well as the credit card details associated with those services. For example, a screenshot of one phishing form shows that the scammers were interested in a victim’s credit card number, merchant, expiration date, card verification code (CVC), date of birth and social security number, which they passed off as ‘necessary’ data for associating a credit card with an Apple ID. The article also includes an example of a phishing email purporting to be sent on Apple’s behalf.

Vendors and fanboiz can argue about the prevalence, importance and classification of Apple malware (and agree that there is very little that affects iOS users), but let’s not forget that a lot of phishing attacks are platform agnostic. This report seems to suggest, however, that Apple Mac and device users are seen as  an increasingly attractive target for phishing scams.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: