Security Bytes

Sep 28 2010   2:18PM GMT

Apple customers target of convincing Apple Store phishing site

ITKE ITKE Profile: ITKE

Phishing site steals Apple ID, password, customer’s name, credit card CVV number and contact details.

By Kathleen Kriz, Contributor

Phishing sites are quickly rising in popularity, and Symantec warns that Internet users be more careful when it comes to giving out sensitive information. Apple customers are the latest target for such scams, according to Symantec researcher Mathew Manivara.

Now, users need to make sure when they go to the Apple Store online, it is the real Apple Store. This scam targets people with My Apple accounts. A faux site is designed to look just like the actual My Apple site, tricking users into entering their account information.

The real My Apple site provides news on the latest Apple updates and information about products and services, while the phishing site prompts customers to update their profiles, including credit card and contact information. Once the information is entered, an error message indicates the session has timed out and the customer is redirected to the real Apple homepage. According to the Symantec blog, customers don’t think twice, believing that it was a momentary flaw in the Apple website.

The phishing site was hosted on a free Web-hosting site located on servers based in Canada. Although the domain name was a free Web-hosting domain, the phishing URL may appear to be legitimate at first glance due to the use of certain keywords that make the phishing URL resemble the legitimate URL.

Apple has been the target of phishing scams lately due to the popularity of products like the iPad and iPhone. Other popular sites for phishing are Twitter, other social networks and credit card pages. See our Security Bytes blog for more information on these phishing scams. The fake sites, created by cybercriminals, aim to pilfer sensitive information from users such as credit card information, log-in credentials and even Apple gift card information, like a scam that came about in May of this year.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: