Connect with us

Communication

Apple Users Targeted in Phishing Campaign

Published

on

Apple security

 A cybersecurity firm has uncovered several phishing campaigns targeting Apple users’ credentials – Apple IDs and passwords – since the beginning of 2016.

// -- Discuss and ask questions in our community on Workplace.

Cyber criminals are devising faux Apple domains purporting to be legitimate websites to engage in phishing attacks targeting Apple iCloud users in China and the UK, revealed cybersecurity firm FireEye Labs.

In particular, the phishing campaigns are geared to ascertain the Apple IDs and passwords of Apple users.

Provided by Apple, an Apple ID is a centralized personal account that provides customers access to several Apple platforms and services including the App Store, iTunes Store, and iCloud. An Apple ID can be used to access the same features across several Apple devices including an iPad, iPhone, iPod Touch, Mac and even a Windows personal computer.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Apple users will vouch for the iCloud as an essential feature, one which backs up users’ documents, photos, contacts and more to the cloud, in their latest versions. Notably, the iCloud Keychain feature also grants users to store credit card details and passwords, in order to autofill the details on their authorized computers. However, such functionality brings with it, certain vulnerabilities.

For one, anyone with access to an Apple ID, password and information such as date of birth and device screen code can gain total access to the device and the accounts within the device. Such a compromise could mean unauthorized purchases through the stored credit card details from the Apple Store and the App store.

Indeed, FireEye wrote:

Cybercriminals are targeting Apple users by launching phishing campaigns focused on stealing Apple IDs, as well as personal, financial and other information. We witnessed a high frequency of these targeted phishing attacks in the first quarter of 2016.

Apple Users Targeted in China and Britain

One prominent phishing campaign looking to gain Apple users’ credentials was codenamed the zycode kit. Altogether, the campaign spawned over 30 fake Apple domains, purporting to be legitimate Apple domains with an interface mimicking that of Apple’s websites.

A Fake Chinese Apple Website

A Fake Chinese Apple Website

 

FireEye researchers wrote:

Most of these domains appeared as an Apple login interface for Apple ID, iTunes and iCloud. The domains were serving highly sophisticated, obfuscated and suspicious JavaScripts, which was creating the phishing HTML content on the web page.

This technique is effective against anti-phishing systems that rely on the HTML content and analyze the forms.

British Apple Users are also at risk, with over 86 faux phishing websites canvassed by FireEye since January 2016 alone. This campaign used code obfuscation methods as a sophisticated evasion technique to avoid phishing detection.

A Fake Apple Website Targeting British Users

A Fake Apple Website Targeting British Users

The real Apple domain

The real Apple domain

 

Typically, the fake website which resembles the authentic page asks for the username and password. When the unsuspecting user enters the credentials, the fake website informs the user that the Apple ID provided has been locked for security purposes, asking the user to unlock it.

The ‘unlocking’ process requires users to enter personal details including name, date of birth, telephone numbers, credit card details, addresses, security questions and more.

After entering the details, the user is asked to wait till verification is complete, before redirecting the user to the authentic Apple website, where the unsuspecting user logs in routinely, none the wiser.

Images from Shutterstock and FireEye.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.




Feedback or Requests?

Communication

San Bernadino iPhone Case: Major Press Agencies Are Suing the FBI

Published

on

The Associated Press, Gannett, and VICE Media are suing the FBI to know more details about the agency’s hack of the San Bernadino killer’s iPhone.

// -- Discuss and ask questions in our community on Workplace.

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 1 rated postsP. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link




Feedback or Requests?

Continue Reading

Communication

Toward Unbreakable Quantum Encryption for Everyone

Published

on

Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?

// -- Discuss and ask questions in our community on Workplace.

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Giulio Prisco is a freelance writer specialized in science, technology, business and future studies.




Feedback or Requests?

Continue Reading

Communication

The Chinese Quantum Satellite QUESS: Toward Unbreakable Quantum Networks

Published

on

One year ago Hacked covered the race between the US and China to develop “military super-powers” by harnessing quantum science, and noted that Chinese scientists were developing quantum communication satellites that support unbreakable encryption. A few weeks ago, China launched its first quantum satellite.

// -- Discuss and ask questions in our community on Workplace.

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Giulio Prisco is a freelance writer specialized in science, technology, business and future studies.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending