Menu
Hackers launch Apple ID phishing campaign playing on iCloud security worries

Hackers launch Apple ID phishing campaign playing on iCloud security worries

Phishing emails masquerade as security alerts from Apple about rogue iTunes purchases, researchers from Symantec said

The hackers behind the Kelihos botnet are trying to capitalize on users' increased awareness about the security of Apple online accounts through a new phishing campaign.

According to security researchers from Symantec, the Kelihos botnet has started sending spam emails that purport to be security alerts from Apple informing recipients that a purchase was made using their Apple ID from the iTunes Store. Apple IDs are the accounts that customers use to access Apple's online services.

The rogue emails bear the subject "Pending Authorisation Notification" and claim that the purchase was made from a computer or a device not previously linked to the user's Apple ID, the Symantec researchers said Friday in a blog post. The emails list an IP (Internet Protocol) address from where the purchase was allegedly initiated and a corresponding physical location of Volgograd, Russia, they said.

The fake messages instruct users to click on a link if they didn't initiate the purchase. The link leads to a phishing site that masquerades as the Apple ID log-in page and harvests credentials inputted by users for later misuse.

The use of fake security alerts as phishing bait is not a new technique. However, because this particular attack comes shortly after a widely publicized event where a number of celebrities had their iCloud accounts broken into, it might trick a larger number of users than a typical phishing campaign.

One week ago news broke out that hackers stole nude photographs from the iCloud accounts of a number of female actresses and models and leaked some of them on public websites.

There was initial speculation that the leaks might have been the result of a brute-force password guessing attack via the "Find My Phone" feature, but Apple later said that the leaks were the result of a "a very targeted attack on user names, passwords and security questions" and not that of a breach of the company's cloud-based systems.

The incident received so much attention online and in the media that it even prompted a response from Apple CEO Tim Cook, who told the Wall Street Journal that the company will start sending security notifications to users via email and push messages when iCloud account changes occur.

"It is possible that the timing of the [phishing] campaign is not a coincidence and the controllers of the botnet are attempting to exploit public fears about the security of Apple IDs to lure people into surrendering their credentials," the Symantec researchers said.

The Kelihos botnet authors are adept at exploiting current events. In August they launched a spam campaign that encouraged Russian-speaking users to install a program on their computers so they can be used in distributed denial-of-service (DDoS) attacks against Western government websites in response to the recent international sanctions against Russia. The emails actually linked to a variant of the Kelihos malware, not a DDoS program.

To prevent unauthorized access to their accounts even when their user names and passwords are compromised, users are advised to turn on two-step authentication for their Apple ID accounts.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Appleonline safetysymantecsecurityAccess control and authenticationscamsIdentity fraud / theft

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments