Kaspersky Labs has revealed that there is a massive increase in Apple phishing scams and Apple IDs are being targeted heavily. According to the report, cyber criminals are inducing users to reveal their Apple account information by creating fraudulent phishing sites that try to imitate the official apple.com site. This way criminal can get access to iTunes account details and iCloud details including credit card information. Remember, Apple holds the most credit card details in the world thanks to its services.
According to Kaspersky’s findings, Kaspersky Security Network (KSN) detected an average of 200,000 attempts per day of users trying to access the phishing sites, which were triggered each time a user running Kaspersky Lab’s products was directed to one of the fraudulent sites.
In comparison in 2011, there were only 1000 detections per day. Kaspersky Labs notes that Apple has also being expanding its iTunes stores in India, Turkey, South Africa and an additional 52 countries which happened on December 6, 2012 and on this day the phishing scams increased to 900,000 for the day, which is a record.
The report notes that the main way through which such scams are deployed is via email. Via mail, the user is flummoxed as the mail masquerades to be a mail from Apple Support, with a fake alias in the ‘sender’ field like services@apple.com. These messages would typically ask users to verify their Apple ID details, which would result in the user revealing his/her account details.
Kaspersky recommends users to look at the address bar of the website and the apple.com bit would be followed by some additional text indicating it to be a fake site. However, it has been noted that this becomes more difficult on browsers that don’t reveal the address bar in its entirety like Safari on iOS.
The security firm also recommends users to verify email address aliases from Apple by checking the original sender address first. On the PC, this can be achieved by mousing over the sender address field, which reveals the sender alias’ true email address. When using a mobile device, users should touch the email alias from the sender, which expands the alias to show the full address of the sender. Kaspersky also recommends Apple’s two step verification process for additional security.
