Researchers at the Comodo Antispam labs have identified a new global phishing threat which is aiming to steal Apple ID login credentials and credit card information. The team team highlighted that according to Apple, there are 800 million Apple IDs active, so it would be a potentially highly lucrative attack.
The team noted that the phishing email itself is very well designed, having the Apple logo and including Apple physical address listed, as well as an email address that looks to be from Apple officials - giving the recipient the illusion of an email being authentic.
Warning the account owner that their account has been placed under certain limitations, a link is provided so they can re-direct elsewhere to fill in some information to ‘fix' the account. Once they click the link, users are sent to a page with a similar Apple look and feel, asking them to verify credit card information and passwords.
The phishing website originally discovered by team Comodo is already gone, but it is highly likely that the phishers have hundreds more that they could use, and are already sending email to those pages as well. Users are advised to act with caution.
Team Comodo identified the phishing email through IP, domain, and URL analysis, and are continuously monitoring and scanning data from the users.