Phishing scam piggybacks on Apple Dev Center hack
With people no doubt on edge after the hacking of Apple's Web site for developers, scammers are sending out bogus e-mails in an apparent effort to steal passwords.
The recent attack against Apple's Web site for developers has prompted a flood of phishing e-mails asking people to change their passwords.
Users have taken to Twitter to warn others of the attacks. But as convincing as the e-mail might be at a glance, grammar mistakes, a missing capital letter in "Apple," and a fake Apple domain for the Web site the e-mail points to mark the message and the site as bogus.
Still, scammers often use emotional responses to a recent event to induce panic in users -- which may make them less likely to double-check a domain or other details before frantically inputting their log-in details.
Phishing attacks are a relatively simple way to steal data. Users open an e-mail they believe to be legitimate and can then be duped into heading to a Web site and revealing sensitive information such as passwords or credit card numbers. Such sites may also install malware on a victim's machine.
Phishing campaigns have advanced from the days of terribly written English and laughable stories about millions waiting to be had in a foreign country. Now some scammers take pains to make sure an e-mail looks legitimate, from including company logos to adding fine print -- copyright information, legal disclaimers, and the like. Once they open an e-mail, users are often directed to legitimate-looking Web sites set up to store the credentials they input. It's best to be skeptical of e-mails from companies that request potentially sensitive information or ask you to click a link.
The original reason Apple's developer portal was taken offline may not have been malicious, but it has opened the floodgates for those with unsavory intentions.
Apple's Developer Center went down this month for "maintenance for an extended period," leading users to wonder whether the iPad and iPhone maker's Web site had suffered a security breach. Apple later admitted that "an intruder attempted to secure personal information of our registered developers from [the] developer Web site."
Ibrahim Balic, a London-based researcher, then took to Twitter to claim responsibility for the issues, stating that his intentions were not malicious, and the the tech giant had been informed of a total of 13 flaws. To prove his claims, Balic posted a YouTube video explaining the process, which was later removed. However, you can still view an embedded version here.
The home page is now accessible, but the members-only area remains closed. Apple is currently working to make sure every security vulnerability is removed, and the current status can be checked here.
Security firm Kaspersky Lab said this week that Apple-related phishing scams have skyrocketed in the last six months, with scammers focused on stealing log-in credentials and financial data.
This story appeared in a different form as "Apple hack exploited with new phishing campaign" on ZDNet.