Wednesday, 3 September 2014

Warning - a phishing attack against Apple users

In came an email apparently warning me about a problem with my Apple account. With the subject "Apple/iCloud Service Frozen" it looked convincing:


So is this real or a phishing attack? Let's look at the clues.

Clue Number 1 - the curious email address
If you took the time to look closely you'd see that the email didn't come from someone@apple.com as you might expect. Instead it came from "secure@myideviceprofile.info".

Clue Number 2 - the link
The link I was meant to click ">>> Validate My Apple/iCloud Account" also didn't link to a page at apple.com. Instead it links to a page at "myideviceprofile.uk".

However clicking on that link (don't do this yourself) took me to a site that looked just like an Apple page:


Look more closely to see how convincing it is:


It's well done.

I entered a random email address and password just to see what would happen. That's when Google Chrome decided to get involved with a warning.


Thanks, Google, but I'm careful; I'd not actually entered any real personal information. I decided to be brave and "visit the infected site".
Instead I was taken to the Google home page which already had a search in mind for me.


Let's assume that someone had fallen for this and had in fact entered their real Apple ID and password. What would their reaction be when seeing that their computer appears to be searching for child porn on Google? They'd be alarmed, shaken and would feel suddenly very guilty. Isn't that likely to make them forget that they've just given away their Apple password?

And isn't this, or something like it, the most likely way that a bunch of celebrities recently gave away their passwords and had some rather revealing pictures stolen?

According to the BBC story:
"Apple has confirmed that some celebrities' iCloud accounts were broken into, but says it has found no evidence that this was caused by a breach of its security systems.

Instead, the firm suggests perpetrators carried out their thefts by deducing victims' log-in credentials."

Clue Number 3 - nothing wrong
There wasn't actually anything wrong with my Apple account. I know because the first thing I did was to fire up iTunes and check my status. Everything was fine.

The lesson is simple.

You mustn't trust emails that warn you of impending disaster. You should certainly check them but never, ever, click a link in an email like this.
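Clues 1 and 2 can be checked without clicking anything. The Python below is an added example, not part of the original post: it parses a saved copy of a message and reports any sender or link domain that is not apple.com or a subdomain of it. The sample message is constructed, and the function names are illustrative.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email described above. Only the subject and
# the two domains come from the post; display name and URL paths are made up.
SAMPLE = """\
From: Apple <secure@myideviceprofile.info>
Subject: Apple/iCloud Service Frozen
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://myideviceprofile.uk/validate">Validate My Apple/iCloud Account</a>
<a href="https://www.apple.com/legal/">Terms</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. where a click really goes."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected="apple.com"):
    """Return (kind, domain) pairs for a sender or link outside `expected`."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, expected):          # Clue 1
        findings.append(("sender", sender_domain))
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    hosts = [urlsplit(h).hostname for h in parser.hrefs]
    findings += [("link", h) for h in hosts if not belongs_to(h, expected)]  # Clue 2
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

An empty result only means nothing obvious was found: the From header can be forged, so a message that passes this check is not thereby proven genuine.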

You can see advice from Apple themselves about such phishing scams here and here.
