The Apple ID is Apple’s all-encompassing account that plugs into the company’s many services, from retail sites like the iTunes Store and Apple Store to its productivity services like iWork and iCloud. There are great incentives for stealing a user’s Apple ID -- cybercriminals can use your personal information to impersonate you, purchase products or blackmail you -- and security sites have noticed an uptick in phishing sites that try to pirate Apple IDs from unsuspecting users.
Upon investigating the URLs of some new phishing sites, Tokyo-based security blog Trend Micro discovered that more than 100 different websites had been compromised, but not hacked, to display bogus Apple ID login pages.
“Technically, the sites were only compromised, but not hacked (as the original content was not modified),” said Trend Micro’s fraud analyst Paul Pajares. “It’s possible, however, that the sites may be hacked or defaced if the site stays compromised.”
Most of the pages, like the one embedded below, mimic the Apple ID login page fairly well:
Trend Micro found that all of the phishing sites’ URLs were filed under a folder called ~flight, but upon attempting to access the folder, users were given the following page:
In total, 110 sites were compromised by a single IP address -- 184.108.40.206 -- which is registered to an ISP in the Houston area. The majority of these affected sites have not been cleaned, and they continue to show the fake Apple ID login page.
The phishing sites have targeted Apple IDs in a number of different ways -- some simply ask for login credentials, while others require credit card and billing address information. Once users enter their information into these compromised sites, they are presented with a page that essentially tells them that their access has been restored, even though their information has been stolen.
Users are typically directed to these fake Apple ID pages via spam emails, which tell users their Apple accounts will expire unless their information is audited.
One way to distinguish Apple’s true ID login page from phishing sites is to check the browser’s address bar for the HTTPS signifier, which usually looks like a padlock, next to the name of Apple Inc.
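For defenders who want to apply the same checks to links pulled from mail or proxy logs, here is an added example (not code from Trend Micro or Apple). It flags the `~flight` folder reported above and checks that a login link is HTTPS on appleid.apple.com. The `.example` hostnames are constructed samples, and the userinfo and lookalike-host checks go beyond the single campaign the article describes.

```python
from urllib.parse import urlsplit, unquote

# Hostname the article names for managing an Apple ID.
LEGIT_HOST = "appleid.apple.com"
# Folder the article reports in every phishing URL of this campaign.
CAMPAIGN_FOLDER = "~flight"


def triage(url):
    """Return the reasons a URL should not be trusted as an Apple ID login."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    # Decode the path first so that %7Eflight is matched as ~flight.
    segments = [s.lower() for s in unquote(parts.path).split("/") if s]
    if CAMPAIGN_FOLDER in segments:
        reasons.append("campaign-folder")
    if parts.scheme.lower() != "https":
        reasons.append("not-https")
    # Exact match only: "appleid.apple.com.shop.example" is a different host.
    if host != LEGIT_HOST:
        reasons.append("wrong-host")
    # "https://appleid.apple.com@shop.example/" really connects to shop.example.
    if parts.username is not None:
        reasons.append("userinfo-in-url")
    return reasons


# Constructed sample URLs (not taken from the article).
SAMPLES = [
    "https://appleid.apple.com/",
    "http://shop.example/~flight/apple/index.html",
    "http://blog.example/%7Eflight/login.php",
    "https://appleid.apple.com.shop.example/signin",
    "https://appleid.apple.com@shop.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = triage(sample)
        print("OK  " if not verdict else "FLAG", sample, verdict)
```

A URL that passes these checks is only consistent with the real login page; the certificate name shown next to the padlock is still what confirms it.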
For added protection, Apple users are encouraged to utilize Apple’s new two-step verification process, which “reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account,” according to the company.
To set up the two-step verification process for one’s Apple ID, visit appleid.apple.com and select “Manage your Apple ID,” and sign in. Then, select “Password and Security,” and follow the onscreen instructions for “Two-Step Verification.” Apple will then send four-digit verification codes to one of your trusted mobile devices -- either your iPhone, iPad or Mac -- to verify your identity.