Hackers launch Apple ID phishing campaign playing on iCloud security worries

Phishing emails masquerade as security alerts from Apple about rogue iTunes purchases, researchers from Symantec said

The hackers behind the Kelihos botnet are trying to capitalize on users' increased awareness about the security of Apple online accounts through a new phishing campaign.

According to security researchers from Symantec, the Kelihos botnet has started sending spam emails that purport to be security alerts from Apple informing recipients that a purchase was made using their Apple ID from the iTunes Store. Apple IDs are the accounts that customers use to access Apple's online services.

The rogue emails bear the subject "Pending Authorisation Notification" and claim that the purchase was made from a computer or a device not previously linked to the user's Apple ID, the Symantec researchers said Friday in a blog post. The emails list an IP (Internet Protocol) address from where the purchase was allegedly initiated and a corresponding physical location of Volgograd, Russia, they said.

The fake messages instruct users to click on a link if they didn't initiate the purchase. The link leads to a phishing site that masquerades as the Apple ID log-in page and harvests credentials inputted by users for later misuse.

The use of fake security alerts as phishing bait is not a new technique. However, because this particular attack comes shortly after a widely publicized event where a number of celebrities had their iCloud accounts broken into, it might trick a larger number of users than a typical phishing campaign.

One week ago news broke out that hackers stole nude photographs from the iCloud accounts of a number of female actresses and models and leaked some of them on public websites.

There was initial speculation that the leaks might have been the result of a brute-force password guessing attack via the "Find My Phone" feature, but Apple later said that the leaks were the result of a "a very targeted attack on user names, passwords and security questions" and not that of a breach of the company's cloud-based systems.

The incident received so much attention online and in the media that it even prompted a response from Apple CEO Tim Cook, who told the Wall Street Journal that the company will start sending security notifications to users via email and push messages when iCloud account changes occur.

"It is possible that the timing of the [phishing] campaign is not a coincidence and the controllers of the botnet are attempting to exploit public fears about the security of Apple IDs to lure people into surrendering their credentials," the Symantec researchers said.

The Kelihos botnet authors are adept at exploiting current events. In August they launched a spam campaign that encouraged Russian-speaking users to install a program on their computers so they can be used in distributed denial-of-service (DDoS) attacks against Western government websites in response to the recent international sanctions against Russia. The emails actually linked to a variant of the Kelihos malware, not a DDoS program.

To prevent unauthorized access to their accounts even when their user names and passwords are compromised, users are advised to turn on two-step authentication for their Apple ID accounts.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityApplescamssymanteconline safetyAccess control and authenticationIdentity fraud / theft

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?