Story image

Apple iCloud users are the new bait in phishing campaigns

15 Jun 2016

Apple iCloud users are the latest targets of phishing campaigns and those campaigns are using the same content but different domains to target Apple users, FireEye reports. Several phishing campaigns have targeted Apple users since January 2016, specifically Apple IDs and passwords.

Any Apple user who uses iCloud, iTunes or the App Store are vulnerable, as the Apple IDs are the same for every device, be it iPhone, iPad, iPod Touch, Mac or Windows computer

iCloud, which acts as a cloud syncing and sharing hub for contacts, documents, notes and photos across all Apple devices, also allows storage of passwords and credit card information.

According to FireEye, "Anyone with access to an Apple ID, password and some additional information, such as date of birth and device screen lock code, can completely take over the device and use the credit card information to impersonate the user and make purchases via the Apple Store."

FireEye says the malicious phishing domains resemble legitimate domains, and these have been used in attacks against iCloud users in the UK and China. They are sending the same content through different domains to target Apple users.

The two main campaigns reported by FireEye labs are:

1. The Zycode phishing campaign, which targets Apple's Chinese customers through a password variable in the JavaScript code. In addition, phishing domains used in campaigns are neither registered nor pointing to Apple infrastructure.

2. A targeted phishing campaign against UK Apple users reveals a number of domains that serve the same phishing content. "A simple HTTP GET (via the wget utility) to the domain's page reveals HTML code containing a meta-refresh redirection to the signin.php page," the FireEye blog says.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.