A Fruity Bait

July 8, 2013

There is a common belief that Apple operating systems are well protected against cybercriminals. This belief used to be true, but Apple users are quickly becoming an attractive target for phishing attacks due to the growing user base and the fact that most customers have their credit card attached to the App Store or iTunes.


Apple has done their job exceptionally well by introducing their pre-moderated iOS App Store and the Mac App Store. Both have made it incredibly difficult for cybercriminals to introduce malicious apps to users' devices, especially for those users who avoid side-loading software to their Macs. So to some it seems there is no need to worry about security – but that’s very, very wrong, because Mac malware does exist and some examples of it are widespread.

However, it’s not only malware that should worry users. To work with new Macs, iPads, iPhones and other Apple devices, a user has to obtain a kind of digital passport called an Apple ID. This ID is the same for iTunes, the App Store and the Apple online store, and most users choose to attach a credit card to it to make purchases from the diverse Apple ecosystem, exposing them to potential threats.

By obtaining your Apple ID, cybercriminals can access all your information from the iCloud and can make a potential profit by selling it or they can make purchases on your behalf.

There are a lot of phishing schemes based on fake sites mimicking apple.com. Usually scammers send convincing-looking letters from “Apple support” in which a user is requested to confirm his/her identity. If you pay attention to a letter like this though, you can typically discover some alarming details:

  • The link to click. Scammers try to disguise their phishing site by putting Apple somewhere inside of the address, and also actively use URL shorteners like bit.ly. However, it’s unlikely for Apple support to use shorteners or to use any site other than apple.com.
  • Address bar. Phishing sites look exactly like apple.com, but if you pay attention to the address bar you should notice that it’s not actually apple.com, but rather some other site. Make sure that you check the whole address, and pay extra attention when using the browser on a phone or tablet. Site addresses are often hidden on a small screen, so you have to manually click on the website title or scroll up to check the address.
  • Sender address. An e-mail sender address might look legitimate, but it’s not that complicated to forge a sender address via e-mail. Take note of e-mail headers to double check who the original sender was.
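
The link checks from the list above can be automated, for example in a mail filter. The sketch below is an added example, not part of the original article; the shortener list, the verdict names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the one trusted domain and a small sample
# list of URL shorteners (bit.ly is the one named in the article).
TRUSTED_DOMAIN = "apple.com"
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}


def classify_link(url: str) -> str:
    """Return 'trusted', 'shortener', 'lookalike' or 'other' for one link."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        # .hostname drops any "user@" prefix and the port and lowercases the
        # host, so "apple.com@host.example" is judged by host.example.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "other"  # malformed address: never treat it as trusted
    # Only apple.com itself or a true subdomain of it counts as trusted.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if host in SHORTENERS:
        return "shortener"
    # "Apple" appears somewhere in the address, but the host is not apple.com.
    if "apple" in url.lower():
        return "lookalike"
    return "other"


def suspicious_links(links):
    """Keep only the links that match one of the warning signs."""
    verdicts = ((link, classify_link(link)) for link in links)
    return [(link, v) for link, v in verdicts if v in ("shortener", "lookalike")]


if __name__ == "__main__":
    # Constructed sample links using reserved example domains and addresses.
    samples = [
        "https://appleid.apple.com/account",
        "http://apple.com.verify-id.example/login",
        "http://apple.com@203.0.113.7/",
        "http://bit.ly/abc123",
        "https://www.example.org/news",
    ]
    for link, verdict in suspicious_links(samples):
        print(f"{verdict:10} {link}")
```

A 'trusted' verdict only means the host really is apple.com or one of its subdomains; it says nothing about who sent the message.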

What phishers really want is to have your Apple ID. By obtaining your ID, cybercriminals can access all your information from the iCloud and can make a potential profit by selling it or they can make purchases on your behalf. Some thieves also use an additional form requesting users to re-attach their credit card to their Apple ID. If a victim types in the requested details (including card number and verification code) a cybercriminal can directly steal money from this credit card.

To avoid this threat, pay close attention to any letter from Apple requesting you to re-authorize, confirm your data, etc. The safest way to proceed in this case is to call Apple support and check if you really need to take any action. Also, use best practices for clicking on any links inside e-mails. It’s much safer to type in the requested address (apple.com in this case) manually instead of clicking the link itself.

To increase your security, we recommend enabling two-factor authentication on your Apple account. Always remember that phishing is a cross-platform threat, and you may become a victim regardless of the device or operating system you use. So whether it’s a computer, smartphone or tablet, keep your devices protected.