“A new phishing threat is targeting businesses and consumers with Apple IDs in an effort to steal IDs, passwords and credit card information,” Ian Barker reports for BetaNews.
“The attack has been identified by Comodo Antispam Labs and looks like an official Apple email,” Barker reports. “The messages claims that limitations have been placed on the user’s account and that they need to provide additional verification information by clicking a link.”
“If the link is clicked it leads to pages with a similarly authentic Apple look and feel that ask for passwords and billing information including payment card details,” Barker reports.
Read more in the full article here.
MacDailyNews Take: Lets be careful out there. Always manage your Apple ID by going directly to: https://appleid.apple.com
Shouldn’t two step authentication kick into operation? I doubt that could be replicated by hackers.
If the vast majority of Apple users don’t know about 2 step authentication, then the phishing attempts will still work. Even when people know that there should be two steps, many will fall for the scam.
Apple’s two step authentication is a PITA. I used it for a while and then disabled it. A strong password and vigilance go a long way.
I know your pain. Same here. And I research and write about Mac security! *sigh* ‘Two-Factor Authentication’ takes some getting used to. PLUS Apple made it very clunky to use. I’ve constantly had problems with it, spent at least a couple hours chatting with Apple about it. They know.
Thank you. Low hanging fruit like you will help to keep those of us that DO use 2SA out of the crosshairs of the bad guys.
The only way it could is if they were literally signing you in at the exact time you were trying to do it. Like you sign into their cheap knockoff Samsung-praising website, they see it and attempt a login on Apple’s, it generates the code and you enter it, then they take that and immediately enter it on their end. It would all have to be completely live, fairly sophisticated, and would demand the utmost focus and dedication of the hacker. Unless they automated that whole thing, but even then it would just need to be that much more sophisticated.
Sure it would but this is targeted at people not so savvy and not so thoughtful on security matters, and there are many of them out there. Furthermore, whos to say they havent rigged a phony 2step authentication system?
I’ve received several emails from someone pretending to be Apple. The email says that a purchase has been made on my Apple ID and if it wasn’t me, then I should go to to apply for a refund. If I click on the link, the URL is something not related to Apple at all. The link asks for Apple ID and password. No, I’m not dumb enough to give that information out to any site where I did not initiate contact.
And never ever proceed from a given link!
I forward everything suspicious to reportphishing@apple.com. I almost never get a repeat email from the same person, so Apple seems pretty on top of it.
And I never click on a link. In your email you can highlight the senders address and it will show you the true sender.
Anyone who doesn’t know by now to NEVER click links in email messages that look “official” is begging for trouble.
That’s nothing!
There’s a new Windows 10 scam that encrypt your files (for real) and tell you you need to pay a ransom to get your files back!
Of corse the people that I first heard report this made no mention that this was a Windows only scam and that Macintosh users were not effected. They even suggested Apple’s Time Machine as a way to protect yourself from this type of scam. 😐
Yep, Time Machine and the Mac that comes with it would do nicely!
I’ve been seeing bogus AppleID phishing scams like this for years. What’s new here?
-jcr
I’ve been getting some for a while now; they look amateurish and the address it’s sent from reads as my email.
Mail does a good job of throwing them into my Junk folder so I can check and delete.
I get a fraudulent ‘Apple’ phishing message about once a week. I always report them to SpamCop.org and direction to Apple:
reportphishing@apple.com
What Apple needs is the phishing email forwarded to them using the email address above, PLUS the full code from the email, including headers. Both of these strategies help seek and destroy the phishing rats.
Thanks for providing the link …
… hey, wait a minute.
I didn’t provide a link. [Scrambling to see what WordPress did to my post.] Oh, that’s a bit scary. It made the email address to Apple into a live link. SORRY. Heh.
A few things i have observed in terms of computer system memory is always that there are specifications such as SDRAM, DDR etc, that must go with the specifications of the mother board. If the computer’s motherboard is pretty current while there are no operating-system issues, improving the memory literally normally takes under an hour or so. It’s one of the easiest computer system upgrade treatments one can visualize. Thanks for revealing your ideas.