A new phishing campaign is now targeting owners of Apple gadget owners, disguised as a password reset message, a security vendor warned over the weekend.
Bitdefender said the scam claims it can help Apple ID users safely change their Apple ID passwords —but not without asking them for their login data first.
"Making use of social engineering, the scammers trick users into willingly handing over identification data to their Apple accounts. Crooks included in the message body no fewer than three links towards Apple’s support pages – the one dedicated to those who forget their passwords to help them reset the password 'if in doubt', one to the questions and answers section and the third to the alleged Apple support page – AppleID – if the user wants to 'review and update security settings,'" it said in a blog post.
It said the three links in the cybercrooks' email message lead the user to spoofed pages created to collect account IDs and passwords.
Once users type in their log-in username and password on the fake login page, "they will in fact hand the critical data to crooks," Bitdefender said.
Bitdefender warned the message this time is "clean, to the point, and in perfectly correct and formal English."
It added the simple signature “Apple Customer Support” will offer no clue about the scam.
Bitdefender noted accessing one's Apple ID data allows an attacker to access a series of services and options, including buying apps at the victim’s expense.
Worse, it allows the hackers access to the victim's data in iCloud.
"From the iCloud user account, someone can locate, wipe, lock the registered gadgets. Imagine how dangerous a crook with access to the user’s ICloud account can be: they can literally track the user as long as they have their iPad or iphone on them. They can access users’ documents, both personal and work-related, since the iCloud is the default save location for all new created documents, presentations and spreadsheets," Bitdefender said.
Even worse, it said the attacker may access the victim's e-mail account and contact list, which are also available on iCloud. — TJD, GMA News