Kaspersky Lab is warning Apple users to be extra cautious when sharing personal data. This warning comes after months of escalated phishing campaigns in which cyber criminals request and then steal user account information for iCloud and iTunes, as well as credit card details.
Success often attracts copycats - and this is something Apple is currently learning. According to information from Kaspersky Lab, the number of phishing attempts involving copies of Apple's official website, apple.com, has escalated sharply since the beginning of 2012. Whereas, in 2011, the Kaspersky Security Network was registering an average of 1,000 of these attempts per day, there are now an average of 200,000 per day.
There are, however, enormous daily fluctuations, with cyber criminals clearly timing their phishing attempts precisely to Apple’s marketing campaigns. On 6th December 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, Kaspersky Lab detected an all-time record - over 900,000 phishing attempts on Apple users in a single day.
The methods used by cyber criminals to access Apple user data are by no means new. They include sending emails purporting to come from email@example.com or Apple Customer Support. These emails are usually professionally written, feature the Apple logo, and may even include links to “Frequently Asked Questions” in order to convince sceptical users. The emails also contain links to faked Apple websites, where users are requested to enter their Apple ID and/or password. This information is then stolen and misused by cyber criminals.
In another variation, Apple customers have their credit card data stolen directly. This is done by sending users an email requesting they verify the credit card information attached to their Apple IDs. They are then asked for their credit card type and number, as well as its expiry date, the card verification code, their date of birth, and potentially other identifying details.
One way to distinguish between real websites and counterfeits created for phishing purposes is to look at the address bar. While most counterfeit sites have the word “apple.com” as part of their address (URL), experienced users should - at least at second glance - be able to detect forgeries by examining the complete address.
Things become more difficult when the address bar cannot be seen. This is the case with the Safari browser used on mobile devices like the iPhone and iPad. Fraudsters can also construct websites in such a way that the genuine address is incorporated into the site as an image, which is displayed at the top of the screen as expected.
Users should first check whether any emails they receive requesting them to enter certain information actually come from Apple. By mousing over the address field, the true sender is displayed. Users can thus determine whether or not the email in question was sent by Apple.
To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user. This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorised purchases using your Apple ID.
Unfortunately, this does not yet prevent cyber criminals from using stolen credit card data. Users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows. Users who still want to use such links should carefully check their content and the address of the website they link to. In addition, Mac users should use a security software package like Kaspersky Security for Mac as standard. This will protect Mac users in real-time against viruses, trojans, spyware, phishing attempts and harmful websites, as well as preventing Macs from distributing Windows malware to friends and colleagues.