Category: Apple

Apple ID account holders targeted by double chance phishing email

Apple ID account holders need to be cautious of a sophisticated phishing camping targeting your Apple ID, personal information and credit card details.

REMEMBER: You will have an Apple ID if you have registered to use iTunes or many other Apple products. You don’t need to own an Apple iPhone or Mac to have an Apple ID.

The phishing email looks official and currently includes the subject line “Update your Apple ID account”. Other known subject lines include: “Please update your Apple ID”, “Please verify the email address associated [sic] with your Apple ID”, and “Your Apple ID has been Disabled for Security Reasons”.
Similar versions could also reference iTunes.

The email includes a link which, when clicked, takes you to a fake, but realistic looking Apple website asking you to sign in to your account.

An example of the phishing email: clicking the “Update Now >” link
will take you to a fake Apple sign in page

The first fake Apple web page

If you enter your account details they are immediately sent to the scammer, however this is a two-stage scam, and once you have entered your Apple ID and password it will continue, taking you on to a second fake page where you are asked for further information including your credit card details.

The second fake Apple web page, seeking extra information

The fake website has been customised to specifically target Australian Apple ID account holders and features a number of design details tailored to lure Australians, such as a field requesting Medicare Card numbers and Australian flag  icons.

Some inconsistencies, such as the request for your “3D Secure” number or the placement of a Discover Credit Card logo (predominately US features), offer clues to suggest this is a fake page.
The most important indication that this is a scam is the assurance from Apple that they will not contact you seeking critical information via an unsolicited email.
If you need to log on to manage your Apple ID account or any other online service, source the website address independently of any such emails and type it directly into your browser.

Avoid  phishing  emails  

Always be suspicious of unsolicited emails.

Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.

If you are uncertain about the origin of any email you can always cross check the information by going independently to the company’s website or by calling them directly.

Apple customers also have the option of activating two-factor authentication for their Apple account.

Source : www.staysmartonline.gov.au

Exploited Java flaw.

Apple was recently attacked by hackers who infected the Macs of some employees, in the widest known cyber attacks against Apple-made computers to date.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement.

The same software, which infected Macs by exploiting a flaw in a version of Oracle’s Java software used as a plug-in on web browsers, was used to launch attacks against Facebook this week.

The malware was also employed in attacks against Mac computers used by “other companies,” Apple said, without elaborating on the scale of the assault.

But a person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware.

The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft.

“This is the first really big attack on Macs,” said the source, who declined to be identified. “Apple has more on its hands than the attack on itself.”

National security

Cyber-security attacks have been on the rise. In last week’s State of the Union address, US President Barack Obama issued an executive order seeking better protection of the country’s critical infrastructure from cyber attacks.

Over the weekend, cyber-security specialists Mandiant reported that a secretive Chinese military unit was believed to have orchestrated a series of attacks on US companies, which Beijing has strongly denied.

White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber-theft with Beijing, including the country’s military. There was no indication as to whether the group described by Mandiant was involved in the attacks described by Apple and Facebook.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs.

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers,” the statement said.

“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple,” it continued.

The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment.

Apple said it plans to release a piece of software today, which it said customers can use to identify and repair Macs infected with the malware used in the attacks.

Source : https://www.crn.com.au/News/333756,apple-hit-by-hackers.aspx?eid=4&edate=20130220&utm_source=20130220&utm_medium=newsletter&utm_campaign=daily_newsletter

By Jim Finkle and Joseph Menn on Feb 20, 2013 8:03 AM (42 minutes ago)
Filed under Security