Potential victims are lured to fake website that collects Apple account credentials

Aug 22, 2014 20:40 GMT  ·  By

Cybercriminals are relentless in their endeavor to collect account credentials for different online services and, at the moment, a phishing campaign targeting Apple users is reportedly in full swing.

The method used by the crooks is the classic one: an email pretending to be from Apple ([email protected]) alerts the user that they need to sign into their account for validation purposes.

The entire sham is passed as a security verification step, and if the user decides to skip it, their Apple ID gets suspended. This is a common tactic that creates a sense of urgency and increases the rate of success of the phishing campaign.

At the end of the message there is a link claiming to get the potential victim to the Apple website, where they can enter the details required for the account validation.

The phishing page asks for more than the Apple ID and password as the cybercriminals go for the full details that could compromise the potential victim's identity. Information such as full name, date of birth, credit card details (number, CVV, expiration date, 3D-secure code), driver license number, address and security question and reply, are all requested on the bogus website.

At the moment of writing the webpage is still active. Although chances are that it will not last for long, the cybercriminals can register a different domain and run the same scam again.