Apple Users Targeted in Phishing Campaign | Hacked: Hacking Finance


Apple Users Targeted in Phishing Campaign



This article was posted on Wednesday, 07:48, UTC.

 A cybersecurity firm has uncovered several phishing campaigns targeting Apple users’ credentials – Apple IDs and passwords – since the beginning of 2016.


Cyber criminals are setting up fake Apple domains that pose as legitimate websites in order to phish Apple iCloud users in China and the UK, cybersecurity firm FireEye Labs has revealed.

In particular, the phishing campaigns are designed to harvest the Apple IDs and passwords of Apple users.

Provided by Apple, an Apple ID is a centralized personal account that provides customers access to several Apple platforms and services including the App Store, iTunes Store, and iCloud. An Apple ID can be used to access the same features across several Apple devices including an iPad, iPhone, iPod Touch, Mac and even a Windows personal computer.


Apple users will vouch for iCloud as an essential feature, one which backs up the latest versions of users’ documents, photos, contacts and more to the cloud. Notably, the iCloud Keychain feature also lets users store credit card details and passwords so that they can be autofilled on their authorized computers. However, such functionality brings with it certain vulnerabilities.

For one, anyone with access to an Apple ID, password and information such as date of birth and device screen code can gain total access to the device and the accounts within the device. Such a compromise could mean unauthorized purchases from the Apple Store and the App Store using the stored credit card details.

Indeed, FireEye wrote:

Cybercriminals are targeting Apple users by launching phishing campaigns focused on stealing Apple IDs, as well as personal, financial and other information. We witnessed a high frequency of these targeted phishing attacks in the first quarter of 2016.

Apple Users Targeted in China and Britain

One prominent phishing campaign looking to gain Apple users’ credentials was codenamed the zycode kit. Altogether, the campaign spawned over 30 fake Apple domains, purporting to be legitimate Apple domains with an interface mimicking that of Apple’s websites.

A Fake Chinese Apple Website


FireEye researchers wrote:

Most of these domains appeared as an Apple login interface for Apple ID, iTunes and iCloud. The domains were serving highly sophisticated, obfuscated and suspicious JavaScripts, which was creating the phishing HTML content on the web page.

This technique is effective against anti-phishing systems that rely on the HTML content and analyze the forms.

British Apple users are also at risk, with over 86 phishing websites identified by FireEye since January 2016 alone. This campaign used code obfuscation as a sophisticated evasion technique to avoid phishing detection.
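The evasion FireEye describes, as an added example (not FireEye's code or tooling): a static form check finds no password field on a page whose form is written by script, while decoding the script's string literals reveals it. The sample pages, the function names and the base64 and percent-encoding cases are assumptions constructed for illustration; the article does not say which obfuscation the kits used.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote

SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
STRING_LIT = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""", re.S)
B64 = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

class PasswordFieldCounter(HTMLParser):
    """Static form analysis: count <input type=password> in parsed markup."""
    count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.count += 1

def static_password_fields(html):
    parser = PasswordFieldCounter()
    parser.feed(html)  # script bodies are treated as text, not as markup
    parser.close()
    return parser.count

def decode_literals(script):
    """Yield each string literal with %XX escapes undone, plus its base64 decoding."""
    for _quote, lit in STRING_LIT.findall(script):
        yield unquote(lit)
        if B64.fullmatch(lit):
            try:
                yield base64.b64decode(lit, validate=True).decode("utf-8", "replace")
            except ValueError:
                pass  # looked like base64 but was not

def hidden_login_form(html):
    """True when a password field exists only inside encoded script strings."""
    if static_password_fields(html):
        return False  # visible in markup; ordinary form analysis already sees it
    return any(static_password_fields(text)
               for script in SCRIPT.findall(html)
               for text in decode_literals(script))

# Constructed sample pages (not taken from the campaign).
SAMPLE_FORM = '<form action="/login"><input name="id"><input type="password" name="pw"></form>'
PLAIN_PAGE = "<html><body>" + SAMPLE_FORM + "</body></html>"
SCRIPTED_PAGE = ("<html><body><script>document.write(atob('"
                 + base64.b64encode(SAMPLE_FORM.encode()).decode()
                 + "'));</script></body></html>")
```

A page that returns `True` from `hidden_login_form` is a candidate for rendering in a sandboxed browser, since heavier obfuscation than these two encodings only shows its form in the rendered DOM.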

A Fake Apple Website Targeting British Users


The real Apple domain



Typically, the fake website which resembles the authentic page asks for the username and password. When the unsuspecting user enters the credentials, the fake website informs the user that the Apple ID provided has been locked for security purposes, asking the user to unlock it.

The ‘unlocking’ process requires users to enter personal details including name, date of birth, telephone numbers, credit card details, addresses, security questions and more.

After entering the details, the user is asked to wait until verification is complete and is then redirected to the authentic Apple website, where the unsuspecting user logs in routinely, none the wiser.

Images from Shutterstock and FireEye.


Samburaj Das


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.
