Hackers unleash Apple ID phishing attacks

Just days before Apple Inc.’s much anticipated product announcement on Tuesday, reports are circulating that a hacker group has launched a phishing campaign which exploits users’ security concerns over their Apple online accounts.

The campaign started just a few days after news broke of celebrities having their Apple iCloud accounts being compromised. A large cache of celebrity nude photos were leaked after iCloud accounts of celebrities were compromised. Security software company Symantec Corp. said that a major botnet is now targeting Apple customers with spam emails.

The company believes Kelihos botnet, which is mainly used for spam and stealing bitcoins, is being used by the attackers to send bogus alerts that purport to come from Apple. The emails inform potential victims that a purchase was made using their Apple ID from the iTunes Store, according to a recent Symantec blog.

The spam emails have the subject line “Pending Authorization Notification.” The email informs the user that their account was used to purchase the film “Lane Splitter” on a computer of device that was not previously linked to their Apple ID. The email includes an IP address purportedly located in Volgograd, Russia and which is supposed to have been used to make the purchase.

The email tells the user that if they did not make the purchase, they should check their Apple ID by clinking on an accompanying link.

“This will lead to a shortened URL that in turn directs the victim to a phishing page,” according to the Symantec blog.

The page, which is made to appear as an Apple Web site, asks the user to submit their Apple ID and password.

“If the victim does so, the attacker will presumably harvest their credentials for exploit or resale,” Symantec said.

Symantec advises users to follow these best practices to avoid becoming victims of phishing attacks:

  • Beware of messages claiming that your account has been restricted or somehow needs to be updated
  • Do not click on suspicious links in email messages
  • Do not provide any personal information when replying to emails
  • Do not enter personal information in a pop-up page or window
  • Exercise caution when clicking on enticing links sent through emails or posted on social networks
  • Use comprehensive security software to be protected from phishing and social networking scams

Tim Cook, chief executive of Apple announced last week that the company is beefing up security around iCloud. He said none of the compromised Apple IDs and passwords was leaked from Apple’s servers.

Apple is expected to announce its latest smart phone, the iPhone 6 on Tuesday.



Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor Arellano
Nestor Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.