Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old May 1, 2013, 11:15 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
New Apple ID Phishing Effort Compromises Over 100 Sites




As highlighted by The Next Web, security firm Trend Micro yesterday outlined a new phishing scam that has seen the perpetrators compromise over 100 sites in their attempts to gain access to users' Apple ID accounts. While Apple IDs are relatively popular targets for phishing scams, Trend Micro's analysis offers some interesting detail on the approaches used by the criminals.
Quote:
We've identified a total of 110 compromised sites, all of hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. Almost all of these sites have not been cleaned. [...]

We've seen attacks targeting not only American users, but also British and French users. Some versions of this attack ask not only for the user's Apple ID login credentials, but also their billing address and other personal and credit card information. It will eventually result in a page that states that access has been restored, but of course the information has been stolen.
Trend Micro's sample of a spam message designed to trick recipients into sharing their account information at the compromised sites shows a very poor attempt at copying Apple's email style, but inexperienced Internet users are undoubtedly still falling for the scheme.

Trend Micro offers a number of suggestions to help users protect themselves from phishing scams, including checking for consistent domains throughout email addresses and links included in an email and checking for indicators that the user is at a secure site associated with the correct company.

While phishing scams rely on the gullibility of users to direct them to fake account management sites, Apple has sought to increase account security on its own site with its recent introduction of two-step verification to help minimize the possibility of an unauthorized party gaining access to a user's account. That feature is, however, only available in a handful of countries for the time being.

Article Link: New Apple ID Phishing Effort Compromises Over 100 Sites
MacRumors is offline   0 Reply With Quote
Old May 1, 2013, 11:17 AM   #2
Kaibelf
macrumors 6502a
 
Kaibelf's Avatar
 
Join Date: Apr 2009
Location: Chicago, IL
Oh for Pete's sake! LOOK at the email. Putting a stupid Apple logo on the top doesn't mean people should suddenly lose the ability to see this obvious phishing attempt. By the way "inexperienced internet users" is irrelevant. The broken English and crazy wording should have been enough of a tip to ANY sensible person.
Kaibelf is offline   25 Reply With Quote
Old May 1, 2013, 11:18 AM   #3
macnerd93
macrumors 6502a
 
Join Date: Nov 2009
Location: United kingdom
that has to be the most unApple looking email ever. What was it made in MS paint? It would have looked legit in about 1997 LOL. Apart from the bad wording LOL
__________________
21.5'' iMac, iMac G4, iMac G5, Power Mac G5 Dual, PowerBook G4, MacBook Pro, MacBook, Mac mini C2D, eMac, Power Mac G4 AGP Graphics, Power Mac G4 Quicksilver, iPod 4th Gen, iPad mini, iPhone 5S,
macnerd93 is offline   5 Reply With Quote
Old May 1, 2013, 11:18 AM   #4
WestonHarvey1
macrumors 68000
 
Join Date: Jan 2007
Why you email he sent, indeed.
WestonHarvey1 is offline   27 Reply With Quote
Old May 1, 2013, 11:18 AM   #5
Creep89
macrumors regular
 
Join Date: Mar 2012
Quote:
Why you email he sent?
Yay, better enter my Apple ID.
Creep89 is online now   8 Reply With Quote
Old May 1, 2013, 11:18 AM   #6
edolecki
macrumors newbie
 
Join Date: Mar 2009
These things mostly seem to have really terrible grammar. So easy to spot I would think.
edolecki is offline   7 Reply With Quote
Old May 1, 2013, 11:18 AM   #7
Xavier
macrumors 68020
 
Xavier's Avatar
 
Join Date: Mar 2006
Location: Columbus
Read before you click? I mean, come on, seriously?
Xavier is offline   6 Reply With Quote
Old May 1, 2013, 11:18 AM   #8
MonkeySee....
macrumors 68040
 
MonkeySee....'s Avatar
 
Join Date: Sep 2010
Location: UK
If any of you fall for that email, raise your hand and hit yourself with it.
__________________
If you’re busy making everything, how can you perfect anything? - Apple

Always keep the rhythm in your feet and a little party in your shoulders. - Phil Dunphy
MonkeySee.... is offline   32 Reply With Quote
Old May 1, 2013, 11:19 AM   #9
Frign
macrumors member
 
Join Date: Aug 2011
Quote:
Originally Posted by Kaibelf View Post
Oh for Pete's sake! LOOK at the email. Putting a stupid Apple logo on the top doesn't mean people should suddenly lose the ability to see this obvious phishing attempt.
It is bloody hilarious that the Apple-Logo not even has the right aspect ratio, let alone proper use of upper- and lowercase.

For reference:

Who falls for this?
__________________

FRIGN.de
Frign is offline   7 Reply With Quote
Old May 1, 2013, 11:20 AM   #10
andalusia
macrumors 68030
 
andalusia's Avatar
 
Join Date: Apr 2009
Location: Manchester, UK
I've received this before. I cannot believe anybody could fall for it. It's such a pathetic attempt to look official... well I guess they all are. People are numpties.
__________________
Signature deleted.
andalusia is offline   2 Reply With Quote
Old May 1, 2013, 11:21 AM   #11
jafingi
macrumors 65816
 
jafingi's Avatar
 
Join Date: Apr 2009
Location: Denmark
Yeah that looks legit!

Hahahahaha, it's so hilarious with that Apple logo aspect ratio

The guys who send these should have used 10 minutes to just create a legit e-mail.
__________________
Late-2013 15" rMBP (2GHz, 16GB DDR3, 256GB SSD, Iris Pro) iPhone 5 16GB iPad Mini 16GB WiFi iPad 2 16GB WiFi + a lot of old Apple stuff
jafingi is offline   1 Reply With Quote
Old May 1, 2013, 11:21 AM   #12
narimonk
macrumors regular
 
Join Date: Jul 2010
Location: Sacramento, CA
Send a message via MSN to narimonk Send a message via Yahoo to narimonk
You'd really think the fact that the very first word isn't capitalized would make it obvious.
__________________
~17" MacBook Pro~ ~2.13 Ghz MacBook Air~
~White iPhone 3GS 32GB~ ~Black iPhone 4 32GB~
~32GB iPad 3G~ ~Apple Employee!~
narimonk is offline   2 Reply With Quote
Old May 1, 2013, 11:23 AM   #13
Laird Knox
macrumors 65816
 
Join Date: Jun 2010
That email true is. They fix helped me my Loging correctly. You should send infos by next 48 hours!
Laird Knox is offline   10 Reply With Quote
Old May 1, 2013, 11:23 AM   #14
Waxhead138
macrumors member
 
Join Date: May 2012
I Disagree Completely!

Quote:
Originally Posted by WestonHarvey1 View Post
Why you email he sent, indeed.

Oh come on people, of course this is real....I'd answer an email from Yoda's retarded cousin any day of the week and give them whatever they ask for!
Waxhead138 is offline   6 Reply With Quote
Old May 1, 2013, 11:24 AM   #15
dXTC
macrumors 68000
 
dXTC's Avatar
 
Join Date: Oct 2006
Location: Up, up in my studio, studio
"...otherwise your session using Apple id and password."

Otherwise your session using Apple id and password what? Wow, you'd think the criminals trying to phish here would use at least somewhat complete sentences.

On the other hand, anyone saying that this is oh-so-easy to spot might just be overestimating the IQ of some e-mail users. There are people who still fall for the Nigerian scams.
__________________
dXTC
stuff: iMac 21.5" i3 · MBP 17" · Two 5g iPod nanos · iMac G4 · and more
...geeve to me LAAAHRGE keess!
dXTC is offline   0 Reply With Quote
Old May 1, 2013, 11:25 AM   #16
See Flat
macrumors member
 
Join Date: Oct 2007
Quote:
Originally Posted by narimonk View Post
You'd really think the fact that the very first word isn't capitalized would make it obvious.
It's a test of Darwin's law.

"Why you email he sent?"

Time to weed out people who should not have computers.
See Flat is offline   6 Reply With Quote
Old May 1, 2013, 11:25 AM   #17
Kaibelf
macrumors 6502a
 
Kaibelf's Avatar
 
Join Date: Apr 2009
Location: Chicago, IL
Quote:
Originally Posted by Frign View Post
It is bloody hilarious that the Apple-Logo not even has the right aspect ratio, let alone proper use of upper- and lowercase.

For reference:

Who falls for this?
Here's who falls for things like this:
http://www.nydailynews.com/news/nati...icle-1.1331161
Kaibelf is offline   3 Reply With Quote
Old May 1, 2013, 11:26 AM   #18
madsci954
macrumors 68000
 
Join Date: Oct 2011
Location: Ohio
All your base are belong to us.
madsci954 is offline   4 Reply With Quote
Old May 1, 2013, 11:27 AM   #19
ryansimmons323
macrumors regular
 
Join Date: Oct 2011
When you try to pull off a scam like this, use at least good spelling and grammar!!
ryansimmons323 is offline   1 Reply With Quote
Old May 1, 2013, 11:27 AM   #20
dejo
Moderator
 
dejo's Avatar
 
Join Date: Sep 2004
Location: The Centennial State
Quote:
We've identified a total of 110 compromised sites, all of hosted at the IP address 70.86.13.17, which is registered to an ISP in the Houston area. Almost all of these sites have not been cleaned. [...]
I don't understand what this means.

Anyone care to enlighten me?
__________________
dejo is offline   1 Reply With Quote
Old May 1, 2013, 11:28 AM   #21
ravenstar
macrumors newbie
 
Join Date: Jan 2005
You know, lately I've seen so many poorly worded spams, that I wonder if it's not intentional? Are the spammers trying to get people to feel so gullible for falling for such obviously bogus messages that they won't dare complain about being swindled? Can you imagine going to the authorities and saying you received this message so you entered all your personal information and it was stolen?
ravenstar is offline   1 Reply With Quote
Old May 1, 2013, 11:28 AM   #22
Digital Dude
macrumors regular
 
Join Date: Oct 2008
Location: Arizona where freedom still means something
Oh, that looks totally real and legit to me! Only an idiot would respond to an unsolicited email like this.
BTW, I love 1Password which authenticates whether a site is real or not before it will post your pass & I.D. No, I don't work for these guys.
Digital Dude is offline   0 Reply With Quote
Old May 1, 2013, 11:28 AM   #23
sulpfiction
macrumors 68030
 
sulpfiction's Avatar
 
Join Date: Aug 2011
Location: Philadelphia Area
Anyone who falls for this fully deserves it. C'mon now.
sulpfiction is offline   0 Reply With Quote
Old May 1, 2013, 11:31 AM   #24
burnout8488
macrumors 6502a
 
Join Date: May 2011
Location: Endwell, NY
Outlook Express.

That is all.
__________________
Intel: 2012 MBA 13" Base
iOS: iPhone 6 16GB Sprint / iPad 2 - 16GB Verizon
burnout8488 is offline   2 Reply With Quote
Old May 1, 2013, 11:31 AM   #25
KPJLK
macrumors member
 
Join Date: Feb 2008
Quote:
Originally Posted by ravenstar View Post
You know, lately I've seen so many poorly worded spams, that I wonder if it's not intentional? Are the spammers trying to get people to feel so gullible for falling for such obviously bogus messages that they won't dare complain about being swindled? Can you imagine going to the authorities and saying you received this message so you entered all your personal information and it was stolen?
There is a theory that the presentation is deliberately bad so that only the stupidest people will respond, resulting in fewer pull-outs and thus a higher success ratio from the responses. Spammers/scammers don't like their time being wasted
KPJLK is offline   6 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
PlexConnect is worth the effort with Apple TV Mr. Zarniwoop Apple TV and Home Theater 52 Sep 19, 2014 01:53 AM
Another Apple ID phishing scam Jessica Lares Community Discussion 2 Sep 23, 2013 07:53 PM
Apple Phishing ? TayHarley Mac Basics and Help 2 Aug 6, 2013 05:11 PM
Apple Phishing Scam yrsued Community Discussion 1 Jun 18, 2013 01:56 PM
Arguments and compromises every Hardcore apple fan will make tomorrow.. I'll start djarpit iPhone 73 Sep 11, 2012 10:23 PM

Forum Jump

All times are GMT -5. The time now is 11:57 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC