
Apple ID Phishing Scam Won't Take Fake Data

Source: Tom's Guide US

At this point, the average Internet user has seen every quick-and-dirty phishing scam in the book and knows how to avoid them. That's why the cons are getting more complex and realistic.

Take, for example, the appleidconfirm.net scam, which provides a near-exact facsimile of Apple's website to part you from your billing information — and even checks to make sure that the email address and credit-card number you give it are real.


The information comes by way of a blog post from the SANS Institute Internet Storm Center, an American organization that monitors online security. The scam begins when users receive emails purporting to be from Apple, informing them that they need to confirm their Apple IDs and the billing information associated with their accounts.

A link in the email brings them to appleidconfirm.net, which at press time was not reachable. (The URL should be a red flag, as it is not an official Apple website.) The site looks identical to Apple's actual login site, and even purports to have a JavaScript protocol in place to verify login info.

The system probably cannot confirm a real username/password combination. However, if you try to enter an invalid email address or a password that doesn't match Apple's parameters, the site will ask you to reenter your information.

From there, the site asks users for their full names, billing addresses and credit-card information. The site can even verify whether the credit card used is real and active, and will demand that the user input a valid one if not. At the end of the process, the site takes users to Apple's official website, leaving them (in all likelihood) none the wiser.

The scam site's realistic appearance is actually a simple trick. Instead of recreating Apple's login page from the ground up, the phishers took screenshots of Apple's pages and overlaid them with invisible text entry boxes. One dead giveaway of the site's inauthenticity is the fact that none of the links work.

Sharp-eyed users will also notice that appleidconfirm.net uses plain HTTP instead of the more secure HTTPS. Of course, users who pay attention to security protocols are not likely to fall for the fake URL in the first place.

This phishing scam appears to be a very clever one, but you can avoid it the same way you avoid any other scam: Verify that the email address and URL are official company property. If in doubt, check your account status on the company's official website.
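The URL check described above can be applied mechanically, for example in a mail filter that inspects links before delivery. The following is an added example, not code from the article or the SANS post; the allow-list, the function name `triage_link` and the sample URLs other than appleidconfirm.net are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of the company's registrable domains (not given on the page).
OFFICIAL_DOMAINS = frozenset({"apple.com"})


def triage_link(url, official=OFFICIAL_DOMAINS):
    """Return the reasons a link fails the 'official property' check (empty list = passes)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["unparseable"]

    reasons = []
    # The article notes the fake site was served over HTTP rather than HTTPS.
    if parts.scheme.lower() != "https":
        reasons.append("not-https")
    # "https://apple.com@other.example/" really points at other.example.
    if parts.username is not None:
        reasons.append("userinfo-in-url")

    # Official means the host IS an allow-listed domain or a subdomain of one.
    # A plain substring or prefix test would accept "apple.com.other.example".
    is_official = any(host == d or host.endswith("." + d) for d in official)
    if not is_official:
        reasons.append("host-not-official")
        # A brand name inside an unofficial host is the lookalike pattern itself.
        brands = {d.split(".")[0] for d in official}
        if any(b in host for b in brands):
            reasons.append("brand-in-unofficial-host")
    return reasons


if __name__ == "__main__":
    # Constructed samples; only appleidconfirm.net comes from the article.
    for sample in (
        "https://appleid.apple.com/",
        "http://appleidconfirm.net/",
        "https://appleid.apple.com.account-check.example/login",
        "https://apple.com@login.example/",
    ):
        print(sample, "->", triage_link(sample) or "passes")
```

An empty result only means the link points at an allow-listed domain over HTTPS; it says nothing about whether the sending email address is genuine.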

Follow Marshall Honorof @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
  • 5
    COLGeek , March 31, 2014 11:37 AM
    Even scumbags will learn and get smarter in their attempts to part people from their money.
  • 8
    bak0n , March 31, 2014 11:55 AM
    Not possible. Apple is 100% immune to viruses, exploits and phishing!
  • 11
    house70 , March 31, 2014 12:20 PM
    "...Of course, users who pay attention to security protocols are not likely to fall for the fake URL in the first place" Nor would they use Apple in the first place.
  • -5
    Dr-Emmerich , March 31, 2014 8:30 PM
    Quote:
    "...Of course, users who pay attention to security protocols are not likely to fall for the fake URL in the first place" Nor would they use Apple in the first place.
    If you're going to troll, try and make sense once in a while.
  • 0
    spdragoo , April 1, 2014 3:42 AM
    Quote:
    Not possible. Apple is 100% immune to viruses, exploits and phishing!
    I kept expecting to see the "/sarcasm" tag after that...
  • 1
    Soda-88 , April 1, 2014 11:32 AM
    Quote:
    If you're going to troll, try and make sense once in a while.
    Oh my days