Member Article

Kaspersky Lab warns Apple users against Phishing increase

Kaspersky Lab is warning Apple users to be extra cautious when sharing personal data. This warning comes after months of escalated phishing campaigns in which cyber criminals request and then steal user account information for iCloud and iTunes, as well as credit card details[1].

Success often attracts copycats - and this is something Apple is currently learning. According to information from Kaspersky Lab, the number of phishing attempts involving copies of Apple’s official website, apple.com, has escalated sharply since the beginning of 2012. Whereas, in 2011, the Kaspersky Security Network[2] was registering an average of 1,000 of these attempts per day, there are now an average of 200,000 per day.

There are, however, enormous daily fluctuations, with cyber criminals clearly timing their phishing attempts precisely to Apple’s marketing campaigns. On 6th December 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, Kaspersky Lab detected an all-time record - over 900,000 phishing attempts on Apple users in a single day.

Tried and true email traps succeed with Apple users

The methods used by cyber criminals to access Apple user data are by no means new. They include sending emails purporting to come from service@apple.com or Apple Customer Support. These emails are usually professionally written, feature the Apple logo, and may even include links to “Frequently Asked Questions” in order to convince sceptical users. The emails also contain links to faked Apple websites, where users are requested to enter their Apple ID and/or password. This information is then stolen and misused by cyber criminals.

In another variation, Apple customers have their credit card data stolen directly. This is done by sending users an email requesting they verify the credit card information attached to their Apple IDs. They are then asked for their credit card type and number, as well as its expiry date, the card verification code, their date of birth, and potentially other identifying details.

How to identify phishing sites

One way to distinguish between real websites and counterfeits created for phishing purposes is to look at the address bar. While most counterfeit sites have the word “apple.com” as part of their address (URL), experienced users should - at least at second glance - be able to detect forgeries by examining the complete address.

Things become more difficult when the address bar cannot be seen. This is the case with the Safari browser used on mobile devices like the iPhone and iPad. Fraudsters can also construct websites in such a way that the genuine address is incorporated into the site as an image, which is displayed at the top of the screen as expected.

How Apple users can protect themselves against counterfeiters

Users should first check whether any emails they receive requesting them to enter certain information actually come from Apple. By mousing over the address field, the true sender is displayed. Users can thus determine whether or not the email in question was sent by Apple.

To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user. This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorised purchases using your Apple ID.

Unfortunately, this does not yet prevent cyber criminals from using stolen credit card data. Users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows. Users who still want to use such links should carefully check their content and the address of the website they link to. In addition, Mac users should use a security software package like Kaspersky Security for Mac as standard. This will protect Mac users in real-time against viruses, trojans, spyware, phishing attempts and harmful websites, as well as preventing Macs from distributing Windows malware to friends and colleagues.

Further information on phishing attempts targeting Apple customers is available in the following blog post: http://www.securelist.com/en/blog/8108/Apple_of_discord

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for consumers, SMBs and large enterprises. The company currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report “Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.

[1]http://www.securelist.com/en/blog/8108/Apple_of_discord

[2] Kaspersky Lab’s analysis is based on anonymous data collected via the cloud-based Kaspersky Security Network (KSN). Figures from the period from 1 May 2012 to30 April 2013 were compared with figures from the same period in 2011-2012. Detailed information from the KSN can be found in the following whitepaper http://www.kaspersky.com/images/KES8_Whitepaper_4_KSN.pdf.

This was posted in Bdaily's Members' News section by Alice Collins .