Monday, January 27 11:35:09
Cyber-criminals are using Irish people's confidence in the Apple iTunes brand to launch phising attacks, according to a leading Irish network security company.
Apple users are often known for their confidence when it came to online threats, believing their platform keeps them safe from any threats, ESET Ireland said.
But that confidence can work against them when it comes to social engineering, particularly phishing, as they tend to trust "official" looking websites more and cybercriminals know and abuse this to the maximum. "Phishers" create elaborate websites that look similar to iTunes, but their sole purpose is to collect account information.
A very realistic looking phishing email is being received by Irish users, using the usual Apple visual clues and leading to a faked ITunes Connect login site (its address is associated with malware distribution by several antivirus vendors) which harvests login details of users. It still lets you in if you enter any made-up nonsense though.
Once "logged in", the page asks you to "confirm" many of your personal details, including your credit card number and security code, as well as your Social Security number if you happen to be American, your password and sort code.
Even though Apple would never ask their users for any of this information via email and warns exactly against such phishing on their support website, many users are still convinced by the look and feel of the site.
If anyone has entered their login details, they handed them over to the cybercriminals and should therefore change them immediately. If they supplied them with any additional information, such as their credit card details, they should cancel their card and make all other steps to limit the potential damage of having revealed their sensitive information.