Apple ID phishing scheme revealed
MANILA, Philippines - Trend Micro revealed a new scheme that criminals are using to grab at the average user's personal information: your Apple ID.
According to the report, 110 compromised sites are apparently posing as verification or log-in pages for a user's Apple ID. The URLs of these phishing sites share a common thread: they are all under a folder named ~flight. The directory folder contains pages that look like the Apple ID login page, but are actually sites that try to steal your personal information.
The phishing sites themselves were compromised rather than hacked, though they could be hacked or defaced if the sites remain compromised.
The 110 compromised sites are hosted at a specific IP address, 126.96.36.199, which is registered to an ISP in the Houston area.
The phishing attempts take on different forms, with some of them coming from spam emails. As Trend Micro explains, "Some versions of this attack ask not only for the user’s Apple ID login credentials, but also their billing address and other personal and credit card information." While they do say that access has been restored after a user has put in his information, that user's information has already been taken.
Trend Micro advises users to use two-factor authentication for their Apple IDs, and to check the legitimacy of a link before clicking it. - Rappler.com