Kaspersky Lab published a phishing report that analyzed the dramatic increase of cybercriminal campaigns designed to steal users’ Apple IDs and account information by creating fraudulent phishing sites that try to imitate the official apple.com site. Cybercriminals are using the fake Apple sites to try and trick users into submitting their Apple ID credentials, which would enable the criminals to steal the users’s account login and access the victim’s personal data, information and credit card numbers stored on their iCloud and iTunes accounts.
From January 2012 through May 2013 Kaspersky Lab’s cloud-based Kaspersky Security Network (KSN) detected an average of 200,000 attempts per day of users trying to access the phishing sites, which were triggered each time a user running Kaspersky Lab’s products was directed to one of the fraudulent sites.
The increase in average detections is a marked increase compared to 2011, which averaged only 1000 detections per day. Kaspersky Lab’s web antivirus module successfully detected and prevented its users from accessing the sites; however, the increase in detections shows how these scams are becoming more commonly used by cybercriminals for phishing campaigns.
Kaspersky Lab’s experts analyzed the cybercriminals’ behaviour and patterns on a daily and monthly basis, noticing that fluctuations and increases in phishing attempts often coincided with large events from Apple. For example, on December 6, 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, Kaspersky Lab detected an all-time record of more than 900,000 phishing attempts directing to fake Apple sites in a single day.
The main distribution method used by cybercriminals to direct users to the fraudulent Apple sites are predominantly phishing emails posing as Apple Support with fake alias names in the “Sender” field, such as services@apple.com. The messages would typically request users to verify their account by clicking on a link and entering their Apple ID information. These emails are deceptively clever and professionally designed in order to make them appear authentic, including the use of Apple’s logo and presenting the message with similar formatting, colouring and style that Apple uses.
Another variation of these phishing emails are designed to steal Apple customers’ credit card information. This is done by sending users an email requesting that they verify or update the credit card credentials attached to their Apple IDs, which can be done by clicking on a link in the message. The link directs the user to a phishing site that imitates how Apple requests credit card information from their customers to fool users into inputting their credit card information and other personal information.
One way to distinguish between real websites and counterfeit ones created for phishing purposes is to look at the address bar of the website. While most counterfeit sites have the word “apple.com” as part of their address (URL), the address would not be verified by Apple and would include additional text in the URL.
However, identifying phishing sites become harder when users can’t see the full URL address, which is typically the case when iOS users are running Safari on their iPhone or iPad devices. When users click on links from email messages on iOS devices the complete URL address is hidden from them when the page is downloaded and opened through Safari.
Users should verify email address aliases from Apple by checking the original sender address first. On a computer this can be done by mousing over the sender address field, which reveals the sender alias’ true email address. When using a mobile device, users should touch the email alias from the sender, which expands the alias to show the full address of the sender.
To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user. This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorised purchases using your Apple ID.
Unfortunately, this does not yet prevent cybercriminals from using stolen credit card data. Users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows. Users who still want to use such links should carefully check their content and the address of the website they link to. In addition, Mac users should use a security software package like Kaspersky Security for Mac as standard. This will protect Mac users in real-time against viruses, trojans, spyware, phishing attempts and harmful websites, as well as preventing Macs from distributing Windows malware to friends and colleagues.
Further information on phishing attempts targeting Apple customers is available on Securelist.com
Related
Tags: 2013 Global Corporate IT Security Risks survey , 37.3 million users Experienced Phishing attacks in the last year- Kaspersky Lab , 99% of all mobile malware is created for this platform , According to Kaspersky Lab’s report , according to the 2013 Global Corporate IT Security Risks survey conducted by B2B International , actors to successfully compromise more than 350 high-profile victims in 40 countries , affect the Android ecosystem too badly at present , Altaf Halde Managing Director Kaspersky Lab South Asia , an application or computer-aided design files , and it could be customized to steal other types of sensitive information such as configuration details , and the costs associated with engaging incident remediation specialists , and various types of files including PDFs , Andreas Marx CEO of AV-Test , andriod smartphones , Android malware , Another variation of these phishing emails are designed to steal Apple customers’ credit card information. This is done by sending users an email requesting that they verify or update the credit card , anti virus , antivirus solution , Apple also provides a two-step authentication process for Apple IDs , Apple customers is available on Securelist.com , As opposed to the more benign Android malware , as well as preventing Macs from distributing Windows malware to friends and colleagues , Asia-Pacific , Asia-Pacific (68%) and Western Europe (63%) , AV-TEST Certification , AV-Test Certified award , AV-Test.org , Award- Winning Technologies Delivers Ultimate Protection for Your Computer , B2B included only incidents that had occurred in the previous 12 months; the assessment was based on information about losses sustained as a direct result of security incidents. This comprised two mai , Backdoor malware , Backdoor malware allowing hackers to issue malicious commands through standard SMS text messages , Backdoor malware Android trojans , Backdoor malware in a blog post , Backdoor malware To conclude this review , Backdoor.AndroidOS.Obad.a looks closer to Windows malware , backdoors , biidefender , Bitdefender , business continuity , but how can those damages be quantified in financial terms , C&C servers are used to install additional malware on infected machines and exfiltrate stolen data , call and message filtering , colouring and style that Apple uses , Compare products , complexity of Android malware programs , Costs vary wildly depending on where the incident occurs , cyber attack , cyber security , cybercrime , Cybercriminals are paying more and more attention to Android devices , Cybersecurity , Cybersecurity at home , Cybersecurity award 2013 , Cybersecurity award 2014 , Cybersecurity book , Cybersecurity case , Cybersecurity conference , Cybersecurity course , Cybersecurity desktop , Cybersecurity diploma , Cybersecurity event , Cybersecurity for kids , Cybersecurity galaxy phone , Cybersecurity i-phone , Cybersecurity in india , Cybersecurity in ministry , Cybersecurity in world , Cybersecurity laptop , Cybersecurity law , Cybersecurity mobile , Cybersecurity on pornsite , Cybersecurity pornsite , Cybersecurity summit , Cybersecurity summit 2013 , Cybersecurity tablet , Data Theft and Surveillance , Delhi , devices business for Airtel , Director of the Anti-Malware Research Unit Kaspersky Lab , discoverer Roman Unuchek expert at Kaspersky Lab , During Kaspersky Lab’s analysis , During the tests , embassies , Endpoint Security for Business Advanced New , Endpoint Security for Business Core New , Endpoint Security for Business Select New , energy production , eScan , ESET , eset india antivirus , Eugene Kaspersky CEO and co-founder of Kaspersky Lab. , excel sheets , Exfiltrated data from infected machines typically included file system listings , experts at B2B International calculated the damages stemming from cyber-attacks based on the results of a survey of companies around the world , extra browser protection , financial malware , following independent testing in May 2013 , Free online courses Kaspersky Internet Security Kaspersky Anti-Virus Kaspersky Small Office Security Kaspersky Endpoint Security Virus-fighting utilities Kaspersky Virus Removal Tool 2011 Kaspersky Re , hack , Hackers , Homeland Security Secretary Michael Chertoff , how Apple requests credit card information from their customers to fool users into inputting their credit card information and other personal information , how many porn site in india , http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_Analyzes_Active_Cyberespionage_Campaign_Targeting_Online_Gaming_Companies_Worldwide , identifying phishing sites become harder when users can’t see the full URL address , In 2013 , in conjunction with Kaspersky Lab. Any cyber-attack can cause damages for a company , In order to get the most accurate picture of costs , including government institutions , including hiring/training staff and hardware , including the use of Apple’s logo and presenting the message with similar formatting , Instead , internet security , Introducing: World’s Most Dangerous Virus For Android , IT infrastructure , its team of experts obtained infection logs from several of NetTraveler’s command and control servers (C&C) , K. Gunasegharan Director eCaps computers India Private Limited , k7 technologies , Kaspersky 2014 , Kaspersky 2015 , Kaspersky 2016 , Kaspersky a new 'Alarm feature' , Kaspersky a new 'Alarm feature' that helps find lost smartphones , Kaspersky a new tool for checking suspicious links in text messages , Kaspersky About Support , Kaspersky About Us , Kaspersky adds mobile security , Kaspersky Affiliate Partners , Kaspersky Anti-Virus , Kaspersky Anti-Virus 2013 , Kaspersky Become a Partner , Kaspersky Beta Testing , Kaspersky bots and a wide range of other threats , Kaspersky Business News , Kaspersky Business Support Contacts , Kaspersky Buy online , Kaspersky Career Opportunities , Kaspersky checking suspicious links in text messages , Kaspersky cloud-enabled technologies , Kaspersky combination of signature-based , Kaspersky CompanyAccount , Kaspersky Comparative Tests , Kaspersky Consumer Support Contacts , Kaspersky Contact Information , Kaspersky Deeper protection for your business , Kaspersky Device Control , Kaspersky Documentation , Kaspersky easily passed the AV-TEST Certification with an excellent 99% protection rate , Kaspersky Enabling mobile access and secure BYOD , Kaspersky Endpoint Security for Business , Kaspersky Endpoint Security for Business (KESB) , Kaspersky Endpoint Security for Business Advanced , Kaspersky Endpoint Security For Business Benefits , Kaspersky Endpoint Security for Business Core , Kaspersky Endpoint Security for Business Select , Kaspersky Events , Kaspersky Events Calendar , Kaspersky Export Compliance , Kaspersky file server security , Kaspersky Find a Partner , Kaspersky flexible control technologies , Kaspersky Free Malware Removal Tools , Kaspersky Free Virus Scan , Kaspersky Get updates , Kaspersky helps find lost smartphones , Kaspersky How to buy , Kaspersky increasingly sophisticated threats , Kaspersky Internet Security , Kaspersky Internet Security 2013 , Kaspersky Internet Security Special Ferrari Edition , Kaspersky Kaspersky Labs Forums , Kaspersky Lab 100% channel-centric company , Kaspersky Lab an official sponsor of Scuderia Ferrari , Kaspersky Lab Android smartphone security solution , Kaspersky Lab announced the launch of Kaspersky PURE 3.0 Total Security , Kaspersky Lab announced the launch of Kaspersky PURE 3.0 Total Security special edition pack , Kaspersky Lab announces that its Android smartphone security solution Kaspersky Mobile Security has won the AV-Test Certified award , Kaspersky Lab Automatic Exploit Prevention , Kaspersky Lab Bangalore and Hyderabad , Kaspersky Lab Chennai , Kaspersky Lab computer security suite , Kaspersky Lab consumer PC protection , Kaspersky Lab eCaps , Kaspersky Lab embarks on multi-city Enterprise Partner Trainings in India , Kaspersky Lab has announced the release of a new version of Kaspersky Mobile Security , Kaspersky Lab has conducted several such technical sessions already in this quarter , Kaspersky Lab has embarked aggressively on a series of partner technical , Kaspersky Lab Identifies Increase In Apple Phishing Scams As Cybercriminals Target Apple IDs And Financial Credentials , Kaspersky Lab launches Kaspersky PURE 3.0 , Kaspersky Lab multi-city Enterprise Partner Trainings in India , Kaspersky Lab Mumbai technical training lab , Kaspersky Lab National Distributor for corporate business , Kaspersky Lab newest version of its flagship product , Kaspersky Lab online backup , Kaspersky Lab online banking security , Kaspersky Lab Online Password Manager , Kaspersky Lab online store , Kaspersky Lab Parental Controls , Kaspersky Lab partners strengthen their technical expertise in Kaspersky B2B solutions , Kaspersky Lab partners with training and marketing to grow their business , Kaspersky Lab password management , Kaspersky Lab Pitstops are planned for Delhi and other North Indian cities , Kaspersky Lab press conference held at ITC Maurya , Kaspersky Lab Pricing and Availability (End users) , Kaspersky Lab protect financial data , Kaspersky Lab protect passwords , Kaspersky Lab protect photos and more , Kaspersky Lab protect your PCs , Kaspersky Lab Quotes , Kaspersky Lab Retail in presence of the channel partners , Kaspersky Lab Safe Money , Kaspersky Lab sales enablement trainings and meetings across multi-cities in India , Kaspersky Lab series in its first phase has covered Mumbai , Kaspersky Lab special edition pack , Kaspersky Lab Titled Partner Pitstops , Kaspersky Lab Total Security That Delivers the Ultimate PC Protection , Kaspersky Lab trainings in South India , Kaspersky Lab unveiled the latest version of its premium product , Kaspersky Lab’s , Kaspersky Lab’s experts calculated the amount of stolen data stored on NetTraveler’s C&C servers to be more than 22 gigabytes , Kaspersky Lab’s mobile products , Kaspersky Lab’s software , Kaspersky Lab’s software did not return a single false positive , Kaspersky Lab’s solution , Kaspersky Lab’s solution was recognized as economical in terms of both CPU resource consumption and the use of Internet connections , Kaspersky Lab’s team , Kaspersky Lab’s team of experts published a new research report about NetTraveler , Kaspersky Labs Forums , Kaspersky Linux and Novell NetWare against malware , Kaspersky mobile and diversified workforce , Kaspersky Mobile Security , Kaspersky Mobile security Anti-Theft Protection with Remote Web Management , Kaspersky Mobile security Antivirus Protection , Kaspersky Mobile security Call and Text Filtering , Kaspersky Mobile security Mobile Threat Insight , Kaspersky Mobile security must reinstall the application , Kaspersky Mobile Security New , Kaspersky Mobile security New features in the latest version , Kaspersky Mobile Security now features new protection tools , Kaspersky Mobile security Privacy Protection , Kaspersky Mobile security Product Highlights , Kaspersky Mobile security protecting user data from cybercriminals and fraudsters , Kaspersky Mobile security Registered users of previous versions can upgrade to Kaspersky Mobile Security free of charge , Kaspersky Mobile Security reliably protects mobile web access from malicious links , Kaspersky Mobile Security successfully achieves , Kaspersky Mobile Security was among the best in a field of 30 security solutions from various manufacturers , Kaspersky Mobile Security was awarded a perfect 6 points for Usability , Kaspersky Mobile security Web Protection , Kaspersky Mobile security will be also available from 14th May 2013 , Kaspersky Mobile security will be also available in IT retail outlets and major large format retail outlets , Kaspersky Mobile security will be also available on Reliance Digital , Kaspersky Mobile security will be also available on Staples and Wal-Mart in India , Kaspersky Mobile Security Win AV-Test Certified Award , Kaspersky multi-layer defences , Kaspersky Multi-level mobile security technologies , Kaspersky MyAccount , Kaspersky Network Attack Blocker , Kaspersky new security solution features , Kaspersky on Sakri online shop , Kaspersky ONE , Kaspersky Online Shop , Kaspersky Own Device (BYOD) , Kaspersky Partners , Kaspersky Password Manager , Kaspersky Pilot Testing Portal , Kaspersky plus special features , Kaspersky Powerful control tools , Kaspersky Preconfigured for immediate protection , Kaspersky Press Center , Kaspersky Press Releases , Kaspersky Preventing the spread of malware via shared storage , Kaspersky product comes with a new tool , Kaspersky Product News , Kaspersky Product Support Lifecycle , Kaspersky Product Updates , Kaspersky Products & Services , Kaspersky Products for Small Office , Kaspersky protect your systems , Kaspersky PURE , Kaspersky PURE 3.0 , Kaspersky PURE 3.0 is available for purchase now on Kaspersky Lab’s online store , Kaspersky PURE 3.0 New , Kaspersky PURE 3.0 now offers an integrated online backup feature , Kaspersky Pure 3.0 was launched by Sachin Tendulkar , Kaspersky PURE’s parental controls , Kaspersky Renew license , Kaspersky RSS Feeds , Kaspersky Security Center , Kaspersky Security Experts , Kaspersky Security for Mac , Kaspersky security policies , Kaspersky security solution for Android-based smartphones , Kaspersky sensitive business data , Kaspersky Small Office Security , Kaspersky Spam News , Kaspersky Strategic Partners , Kaspersky Support , Kaspersky Support Terms and Conditions , Kaspersky Tablet Security , Kaspersky Tablet Security New , Kaspersky Targeted Security Solutions , Kaspersky technologies protect you against viruses , Kaspersky Technology Partnerships , Kaspersky Threats , Kaspersky to protect servers running Microsoft Windows , Kaspersky Total Security for Business , Kaspersky Trial Versions , Kaspersky Trials & Updates , Kaspersky Trojans , Kaspersky Try for free , Kaspersky two-way firewall , Kaspersky Virus News , Kaspersky Web Control technologies , Kaspersky Webcasts , Kaspersky White List Program , Kaspersky will be available from the Kaspersky Lab online store , Kaspersky worms , Kaspersky's internal testing shows the new Kaspersky Mobile Security is up to 10 times faster , Kaspersky’s anti-malware technologies , Kaspersky’s Application Control , Kaspersky’s award-winning anti-malware technologies , Kaspersky’s centralised management console , keyloggs , lasers , list of porn site in india , looking at anti-theft measures , losses stemming from critical data leakage , Mac users should use a security software package like Kaspersky Security for Mac as standard , making it the world’s most malicious Trojan for the Android platform , malicious application plaguing a Windows device , Malicious NetTraveler Toolkit Infects 350 High-Profile Victims , Malicious NetTraveler Toolkit Infects 350 High-Profile Victims for Data Theft and Surveillance , malicious programs with integrated rootkit functionality , Malware , malware advantage of hitherto , malware by borrowing advanced functions , malware is named Backdoor , malware samples , malware unknown weaknesses in the Android platform , medicine and communications , middle east , military contractors and activists , Mr. Jagannath Patnaik Director - Channel Sales Kaspersky Lab , Mr. Ravi Lakshman K CEO Sakri IT Solutions , MRG Effitas award , MRG Effitas’ highest award - 5 stars , MRG Effitas’ Real World Protection Test , nalytical authority B2B International and Kaspersky Lab , nanotechnology , new Kaspersky PURE 3.0 , New version of Kaspersky Mobile Security launched , North America , North America (70%) , nuclear power , Oleg Ishan Director of the Anti-Malware Research Unit Kaspersky Lab , Oleg Ishanov , Oleg Ishanov Director of the Anti-Malware Research Unit Kaspersky Lab , On a computer this can be done by mousing over the sender address field , pakistan pornsite , phishing , phishing attempts and harmful websites , porn site banned in india , Pranav Bhayani , prevent cybercriminals from using stolen credit card data , Products for Enterprise Business , Products for Home , quick heal , Quickheal antivirus , ransomware , research centers , Researchers did not incorporate data about some losses and expenses incurred by a comparatively small number of surveyed companies , rootkits , Russia (71%) , Sachin tendulkar Brand Ambassador Kaspersky Lab , Sakri National Distributor for kaspersky india , Sakri website www.sakri.in , similar attacks , software and other infrastructural updates , Some products only detected 58% of the Android malware tested , South America , South America (72%) , specialists from AV-Test.org focused on assessing how well security solutions could identify and block malicious programs , spyware , such as costs stemming from the need to release a public statement about the incident , such as services@apple.com , suite of popular applications , Symantec Norton antivirus , Targeted Security Solutions New , Technical support manager Kaspersky Lab South Asia , The average detection rate among all the solutions tested was 96%. In addition , The experts also looked at the impact of security products on smartphone performance , The high cost of a security breach: one serious incident could cost $649k , the highest volume of activity occurred from 2010 – 2013. Most recently , The link directs the user to a phishing site that imitates , The main distribution method used by cybercriminals to direct users to the fraudulent Apple sites are predominantly phishing emails posing as Apple Support with fake alias names in the “Sender” field , The malware which has recently been discovered , The messages would typically request users to verify their account by clicking on a link and entering their Apple ID information , The NetTraveler group has infected victims across multiple establishments in both the public and private sector , the NetTraveler group’s main domains of interest for cyberespionage activities include space exploration , the NetTraveler toolkit was able to install additional info-stealing malware as a backdoor , the oil and gas industry , The results showed that Kaspersky Mobile Security successfully blocked 99.29% of the 2545 malicious applications used in the test , the surreptitious Obad.a utilises Android bugs. Backdoor malware transmitted through Bluetooth and Wi-Fi connections , The testing also considered which additional features were on offer in each solution , These emails are deceptively clever and professionally designed in order to make them appear authentic , they should manually enter website addresses into browser windows , third parties making unauthorised purchases using your Apple ID , This process involves sending a four-digit code to one or more previously selected devices belonging to the user , This serves as an additional verification and prevents undesired changes being made on the my Apple ID site , this threat actor has been active since as early as 2004 , This will protect Mac users in real-time against viruses , To guard against fraud attempts , Total Security for Business New , trojans , Users should not follow links in questionable emails to access websites , users should touch the email alias from the sender , Users should verify email address aliases from Apple by checking the original sender address first , Users who still want to use such links should carefully check their content and the address of the website they link to. In addition , Vittorio Boero Ferrari Chief Information Officer , Western Europe , When users click on links from email messages on iOS devices the complete URL address is hidden from them when the page is downloaded and opened through Safari , When using a mobile device , which can be done by clicking on a link in the message , which expands the alias to show the full address of the sender , which is a family of malicious programs used by APT , which is typically the case when iOS users are running Safari on their iPhone or iPad devices , which reveals the sender alias’ true email address , Why Kaspersky? Kaspersky Kaspersky Management Team , Windows 7 SP 1 32 bit , word documents and files. In addition , World’s Most Dangerous Virus , World’s Most Dangerous Virus For Android
Continue Reading