Apple phishing attacks up, warns Kaspersky Lab

Spam emails with links to fraudulent websites are increasing as the theft of Apple IDs and credit card information escalates

The number of spam emails containing links to fraudulent websites is increasing as the theft of Apple IDs and credit card information escalates, warns Kaspersky Lab.

According to Kaspersky Lab, the number of phishing attempts involving copies of Apple's official website,, is up from 1,000 attempts a day in 2011 to an average of 200,000 a day now.

Researchers note enormous daily fluctuations, with cyber criminals appearing to time phishing attempts to coincide with Apple’s marketing campaigns.

On 6 December 2012 – immediately after the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries – Kaspersky Lab detected a record of more than 900,000 phishing attempts on Apple users in a single day.

Cyber criminals are using tried and tested methods to access Apple user data, including emails purporting to come from [email protected] or Apple Customer Support.

These emails are usually professionally written, feature the Apple logo, and may even include links to “Frequently Asked Questions” to convince sceptical users.

The emails also contain links to faked Apple websites, where users are requested to enter their Apple ID and/or password. This information is then stolen and misused by cyber criminals.

In another variation, Apple customers have their credit card data stolen directly. This is done by sending users an email requesting they verify the credit card information attached to their Apple IDs.

They are then asked for their credit card type and number, as well as its expiry date, the card verification code, their date of birth and other identifying details.

One way to distinguish between real websites and counterfeits created for phishing purposes is to look at the address bar, said Kaspersky Lab.

While most counterfeit sites have the word “” as part of their address (URL), experienced users should be able to detect forgeries by examining the complete address.

But this is more difficult when the address bar cannot be seen, such as when the Safari browser is used on mobile devices like the iPhone and iPad.

Fraudsters can also construct websites in such a way that the genuine address is incorporated into the site as an image, which is displayed at the top of the screen as expected.

According to Kaspersky Lab, users should first check whether any emails they receive requesting them to enter certain information actually come from Apple. By mousing over the address field, recipients can see if the true sender is Apple or not.

To guard against fraud attempts, Apple also provides a two-step authentication process for Apple IDs. This process involves sending a four-digit code to one or more previously selected devices belonging to the user.

This serves as an additional verification and prevents undesired changes being made on the “my Apple ID” site or, for example, third parties making unauthorised purchases using your Apple ID. However, it does not prevent cyber criminals from using stolen credit card data.

Kaspersky Lab recommends that users should not follow links in questionable emails to access websites. Instead, they should manually enter website addresses into browser windows. Users who still want to use such links should carefully check their content and the address of the website they link to and install a security software package.

Read more on Privacy and data protection