Apple Inc. (NASDAQ:AAPL) has recently slid into the world of two-step verification as an added security measure for many of its users which have an Apple ID to access iCloud, iTunes or the App Store. This comes in the wake of a series of hacks across many platforms in recent weeks, including a rare hack of an Apple operating system – which have historically been one of the hardest to crack.
Well, as this new verification process has been rolling out over the last few weeks, there have been reports of a new e-mail phishing scam making the rounds, where the message claims that a user’s Apple Inc. (NASDAQ:AAPL) ID will expire if it is not audited. The recipient of the -mail, if he or she actually does have an Apple ID, would click on a link in the e-mail and would be directed to what looks like an Apple ID login page.
It turns out, according to the cyber-security blog Trend Micro, that on more than 100 website URLs, these Apple Inc. (NASDAQ:AAPL) ID login pages are bogus, as those sites were compromised, though not hacked. However, the compromise does leave the web sites vulnerable to a hack or malware attack at some point. But the key is these URLs. When this e-mail phishing scam draws in an AppleID user, the user could enter his or her information on these bogus sites, and the information could then be used to gain access to all of Apple’s online products and services.
The interesting thing is that all of the more than 100 website addresses are in a single folder than others could see, but they are blocked from access if they try to open it. Trend Micro reports that all 110 sites seem to have been compromised from a single IP address, which is located in Houston. Many of the compromised sites have not yet been “cleaned,” and the fake login page still exists. When in doubt about sites that seem to be from Apple Inc. (NASDAQ:AAPL), it is advised that Apple ID users check in the browser bar in front of the website address for a locked padlock icon followed by an HTTPS security signature. If neither of these exist, then the site is likely bogus.
What do you think? Let us know your thoughts about this latest Apple Inc. (NASDAQ:AAPL) security-breach attempt in the comments section below. Do you have a phishing story? Let us know about it.