Apple Apologizes After Stolen Apple ID Credentials Aided in Phishing Attack in China

[Juicy Box]

Just curious why this is in the political and social forums?

Could be unconscious racism.

Labeling everything as racism helps desensitize people to true racism.

The last paragraph has many political stories related to Apple's issues in China. Not to mention all the recent China spying server chip news lately. There are multiple reasons to have this thread tagged political, and none of that has to do with race.

China remains important to Apple's overseas expansion plans, but the company has faced numerous speed bumps in this regard over the years. In 2018, Apple moved Chinese iCloud data to state-owned China Telecom, which brought up user privacy concerns; faced an issue with an overabundance of illegal gambling apps on the Chinese iOS App Store; and is now attempting to clamp down on iMessage spam in the country.

 

[Mousse]

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.

Do you understand how a phishing works? It's social engineering and the ONLY reliable protection against social engineering scams is the stuff between the ears. You can't protect people from their own gullibility. If it's Apple's responsibility, then they would have sent assassins to take out that Nigerian prince or my Uncle Bob, from a country I've never heard of before, telling me about a certain inheritance or the foreign lottery agent.
My wife received an unsolicited call claiming to give disability benefits for our autistic son. The sent a packet to our house with a mostly pre-filled form; answer a few questions, sign and FedEx back to 'em no charge. I looked through the packet and asked if she called them or they called her. They called her. Red flag! I tossed it in the trash because I didn't like some of the clauses in the contract ($6000 fee or 25% of benefits). Also, my son isn't nonfunctional to the point of disability, which threw up more red flags. If looks like a duck, weighs as much as a duck, it's probably a witch.

 

[dannyyankou]

I’ve gotten these exact emails many times before. It’s easy to spot a fake.

But anyway, that’s nice of Apple apologizing for something they’re not directly responsible for.

 

[burgman]

Because this is about Apple kowtowing to China.

Idiots in China declined two factor authentication, then fell for a phishing attack, and so they lost money. It's hard to say it's Apple's fault here, but rather than defend themselves, Apple is just jumping straight to apologizing.

It’s called good business, apologies for inconvenience is not kowtowing. Except maybe to John Wayne wannabes

 

[iGeek2014]

Really?! It's illegal in the UK.

And rightly so; never got to meet my Uncle as he was killed before seat belts were compulsory-he was crushed to death by a rear seat passenger.

I’ve gotten these exact emails many times before. It’s easy to spot a fake.

But any, that’s nice of Apple apologizing for something they’re not directly responsible for.

Some of the fake emails can look very convincing sometimes... woke up the other morning and half asleep noticed I’d had an email from “Apple”-had to do a double take as it looked very authentic!

 

[Taipan]

Bad move to apologize. Now even less people will get it that it was not their fault.

 

[alpi123]

Apple doesn't need to apologize to people for being dumb and believing phishing sites.

 

[szw-mapple fan]

If you are saying that 2FA should be forced then you are being naive. Apple’s devices are used by people who could never manage 2FA. We are not talking about AWS here where the user base is all highly technical.

Forcing 2FA would be like a front door lock that always automatically locked when you closed the door. People need freedom to choose but it also makes them accountable for that choice.

No, I'm saying that as long as the non-2FA option is available, it't Apple's responsibility to protect the data of the users who are not on 2FA.

 

[Scottsoapbox]

Just curious why this is in the political and social forums?

The wildly varied responses to this are quite entertaining.

 

[GadgetBen]

If you haven't enabled TFA then don't complain if you get hacked.

 

[szw-mapple fan]

Putting your seatbelt on while driving is optional as well.

That's like saying sticking your hand in a food mixer is an option. Unlike 2FA, not putting on seatbelt is not an option officially supported by car manufacturers.

 

[Fzang]

Every apology missed is a billion yuan missed. That’s how the Chinese government works.

 

[szw-mapple fan]

Do you understand how a phishing works? It's social engineering and the ONLY reliable protection against social engineering scams is the stuff between the ears. You can't protect people from their own gullibility. If it's Apple's responsibility, then they would have sent assassins to take out that Nigerian prince or my Uncle Bob, from a country I've never heard of before, telling me about a certain inheritance or the foreign lottery agent.
My wife received an unsolicited call claiming to give disability benefits for our autistic son. The sent a packet to our house with a mostly pre-filled form; answer a few questions, sign and FedEx back to 'em no charge. I looked through the packet and asked if she called them or they called her. They called her. Red flag! I tossed it in the trash because I didn't like some of the clauses in the contract ($6000 fee or 25% of benefits). Also, my son isn't nonfunctional to the point of disability, which threw up more red flags. If looks like a duck, weighs as much as a duck, it's probably a witch.

You don't need to send assassins to prevent user phishing. Phishing attacks are preventable if things like trusted devices etc are implemented more throughly. For example, a lot of online banking don't have 2FA, but would throw up a lot of red flags if the log in is from an unknown device or IP. Apple's should be better at recognizing when the log in attempt is abnormal.

 

[omihek]

"We're sorry you're too stupid to enable 2FA and/or not fall for phishing scams."

 

[unplugme71]

A lot of users are not on 2FA because that’s still an option Apple offers. If the option exists, Apple should be responsible for protecting user data even when 2FA is not enabled.

While true, there’s still not much more they can do. It comes down to user training. Maybe Apple can make a video on how to create a password but you all know everyone watching it would use their example.

 

[bwillwall]

They never responded this way when phishing attacks happened to Americans...

 

[Sefstah]

Just curious why this is in the political and social forums?

Because MacRumors doesn’t want to get hacked by the Chinese.

 

[coolfactor]

This reminds me of the time my wife's iTunes gift card balance was wiped out through the purchase of Chinese apps. Apple did nothing for us.

Do you expect Apple to replace those funds for you? Who's responsibility was it to keep the funds safe and secure? Yours.

Apple is apologizing in China from a cultural standpoint, not because they are treating China better than anyone else.

 

[Zimmy68]

Apple just issued this update"

 

[ArtOfWarfare]

Putting your seatbelt on while driving is optional as well.

Really?! It's illegal in the UK.

Putting your seatbelt on while driving is not really optional... US law requires that the car annoys you while seatbelts are not fastened. In every state except New Hampshire, it's against the law to not wear your seatbelt, and even in New Hampshire, it's still required if you're under the age of 18.

 

[DNichter]

Solid gesture by Apple, although there isn't a ton they can do aside from force 2FA.

 

[pat500000]

Apple is always sorry.

 

[Xgm541]

It seems like everyday for almost two week US tech giants are having to scramble to deal with bad-news stories emanating from their operations and dealings with China.

Nothing to see here of course.

Qanon is the new Rick roll.

 

[ronntaylor]

You don't need to send assassins to prevent user phishing. Phishing attacks are preventable if things like trusted devices etc are implemented more throughly. For example, a lot of online banking don't have 2FA, but would throw up a lot of red flags if the log in is from an unknown device or IP. Apple's should be better at recognizing when the log in attempt is abnormal.

Shouldn't that apply to Alipay and WeChat since the phished accounts were able to deplete funds using their systems? Where's Alipay's and WeChat's apologies?

 

[DaveN]

They are phising here (USA) to. I received two phising emails in two days. Here is the latest one. Hovering over the links 'back' to apple shows they do not go to Apple.com but a spoofed Apple site.

The links in today's email go to clickmetertracking.com + a tracking ID
The links in yesterday's email go to ow.ly + a tracking ID