Apple users under attack by a vicious phishing campaign

Nov 9, 2015 12:31 GMT

Cyber-criminals don't particularly care if users are Mac or Windows fans. All they see is money, and in one of the most recent phishing campaigns spotted in the wild by Comodo's Antispam Labs (CASL), crooks are going after Apple ID customers.

With over 800 million active accounts, according to Apple's most recent tally, criminals have a large target to hit, and the easiest way to do it is via classic phishing campaigns.

In one of the most recent such attacks, users receive emails from [email protected] telling them about a limitation on their account. To remove it, users need to log into their accounts and update their data.

The email uses the same graphic style as actual Apple emails, but careful users can easily spot the problem in the sender's email address, whose domain name is missing an "l" (appe.com).

In case users are careless and click the link provided in the email, they'll land on a phony Apple website, where all the data they enter is recorded in the criminal's database, including details regarding credit card information.

Simple tricks to avoid contamination

It's an old trick that still claims victims twenty or so years after the first such campaigns were detected. The best way to avoid them is to always inspect the sender address of incoming emails, not to click links inside suspicious emails, and to always access the website in question by manually typing the URL in your browser.

The Comodo team has made available the following information so that webmasters can blacklist this campaign on their local email servers:

Email From Address: [email protected]
Malicious URL inside email: https://srv80.prodns[dot]com.br/~good/my-account/en/
URL Domain: prodns[dot]com.br
IP Address: 192.185.215.210
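The two checks described above, the sender domain that is one letter off from apple.com and the Comodo indicators, can be combined into a simple mail filter rule. The following is an added example, not code from Comodo or from the original article; the function names, the edit-distance threshold of 1, the single-part text message format and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def refang(s):
    """Turn the defanged 'prodns[dot]com.br' notation back into a real hostname."""
    return s.replace("[dot]", ".")

PROTECTED = {"apple.com"}                        # brand domains to guard (assumption)
BLOCKED_DOMAINS = {refang("prodns[dot]com.br")}  # indicators published in the article
BLOCKED_IPS = {"192.185.215.210"}

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return the reasons a single-part text message matches this campaign."""
    msg = message_from_string(raw)
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for brand in PROTECTED:
        related = domain == brand or domain.endswith("." + brand)
        if not related and edit_distance(domain, brand) <= 1:
            reasons.append(f"lookalike sender domain: {domain}")
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host in BLOCKED_IPS or any(
                host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            reasons.append(f"blocklisted URL host: {host}")
    return reasons

# Constructed sample messages; the sender local parts are placeholders.
PHISH = ("From: Apple <placeholder@appe.com>\nSubject: Account limitation\n\n"
         "Update your data: " + refang("https://srv80.prodns[dot]com.br/~good/my-account/en/") + "\n")
LEGIT = ("From: Apple <placeholder@apple.com>\nSubject: Your receipt\n\n"
         "Manage your account at https://appleid.apple.com/\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw))
```

The lookalike rule keeps working if the campaign moves to a different hosting domain, while the blocklist entries only match the infrastructure listed here.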

“The Comodo Antispam Lab is an expert resource of engineers and computer science professionals, who use innovative and proprietary Comodo cybersecurity technology to protect and secure the online world,” said Fatih Orhan, Director of Technology for Comodo. “We will continue to work diligently in creating and implementing innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe.”

Landing page, users are asked to enter their Apple ID password