Phishing site steals Apple ID, password, customer’s name, credit card CVV number and contact details.
Phishing sites are quickly rising in popularity, and Symantec warns that Internet users be more careful when it comes to giving out sensitive information. Apple customers are the latest target for such scams, according to Symantec researcher Mathew Manivara.
Now, users need to make sure when they go to the Apple Store online, it is the real Apple Store. This scam targets people with My Apple accounts. A faux site is designed to look just like the actual My Apple site, tricking users into entering their account information.
The real My Apple site provides news on the latest Apple updates and information about products and services, while the phishing site prompts customers to update their profiles, including credit card and contact information. Once the information is entered, an error message indicates the session has timed out and the customer is redirected to the real Apple homepage. According to the Symantec blog, customers don’t think twice, believing that it was a momentary flaw in the Apple website.
The phishing site was hosted on a free Web-hosting site located on servers based in Canada. Although the domain name was a free Web-hosting domain, the phishing URL may appear to be legitimate at first glance due to the use of certain keywords that make the phishing URL resemble the legitimate URL.
Apple has been the target of phishing scams lately due to the popularity of products like the iPad and iPhone. Other popular sites for phishing are Twitter, other social networks and credit card pages. See our Security Bytes blog for more information on these phishing scams. The fake sites, created by cybercriminals, aim to pilfer sensitive information from users such as credit card information, log-in credentials and even Apple gift card information, like a scam that came about in May of this year.