In the wake of the Apple Developer Center hacking and subsequent extended outage, identity thieves are increasing efforts to take advantage of the situation through a new round of targeted phishing attempts. As noted by ZDNet, a spike of fake emails purporting to be from Apple is reaching consumers’ inboxes, asking them to click a link in order to restore access to their Apple account.
Phishing is a practice used by hackers, spammers, and all manner of identity thieves to obtain a target’s personal information through the use of deception. Often, victims receive emails that appear to have been sent from a trusted source, such as a bank, a shopping website, or, in this case, Apple. The victims are informed by the email message of some problem or issue that requires them to “log in” and verify or change their personal information, and told that they will be locked out of their account until the steps requested by the email are completed.
Clicking the link contained in the fraudulent email takes the user to a website controlled by the thieves, although it is often mocked up to look nearly identical to the claimed bank or company’s real website. Unsuspecting users then enter their login user name and password, potentially along with other personal information such as phone numbers, physical addresses, and even bank account information. The leaders of the phishing operation can then use this information to gain access to the customer’s real account at the bank or company and either sell the information online or steal money from the victim outright.
In the case of the recent surge in Apple phishing attempts, users receive an email that closely matches the style of Apple’s official email communications with customers. It suggests a connection to the Developer Center outage by telling users that they must log in to “get back into” their Apple account.
Image of Apple-Related Phishing Attempt via ZDNet.
Like many phishing attempts, however, the message is fraught with grammatical and stylistic errors which many users will hopefully spot in short order. But these errors may be easily overlooked by busy developers eager to regain access to their Developer Center accounts, and so we urge everyone to act with caution when dealing with any email that requests passwords or other private information.
Developers who want a safe and official way to keep track of Apple’s steps to restore the Developer Center can check out a special system status website that the company launched Wednesday.