Apple users have become prime targets of several phishing campaigns in 2016. Security researchers have discovered that since the start of the year, assorted phishing attacks have emerged targeting iCloud users in the UK and China.
US cybersecurity firm FireEye analysed two separate phishing attacks, one of which targeted Apple users in China and was first identified in March. The other was found to target UK Apple users and was first uncovered in January. FireEye reported that the phishing campaigns use fake Apple domains designed to lure victims into providing their Apple IDs and passwords, which can then be used by hackers to gain control of victims' devices and "make purchases via the Apple Store".
FireEye said in its report: "Since January 2016 we have observed several phishing campaigns targeting the Apple IDs and passwords of Apple users." The firm added that the specific phishing attacks were "unique" in that unlike other such cyberattacks, "they are serving the same malicious phishing content from different domains to target Apple users".
One of the phishing kits targeting Chinese Apple users, dubbed Zycode, was found to have been mirroring over 30 Apple domains. The kit was presented to users as an Apple ID login page, designed to dupe them into providing their Apple ID details.

"Since January 2016 to the time of writing, the [malicious domain detection] system marked around 240 unique domains that have something to do with Apple ID, iCloud, or iTunes. From these 240 domains, we identified 154 unique email registrants with 64 unique emails pointing to qq.com, 36 unique Gmail email accounts, and 18 unique email addresses each belonging to 163.com and 126.com, and a couple more registered with 139.com," said FireEye.
FireEye added: "The majority of these domains were registered by individuals having email addresses pointing to Chinese services – registrant email, contact and address information points to China. Additionally, the domains were serving phony Apple webpages in Chinese, indicating that they were targeting Chinese users."
"While filling out this form, we observed that the country part of the address drop-down menu only allowed address options from England, Scotland, and Wales, suggesting that this attack is targeting these regions only," FireEye noted of the campaign targeting UK users.
Given the recent rise in such scams, Apple warned its users earlier in the year about these phishing attacks, advising them to remain cautious of websites requesting Apple ID details and to refrain from providing "Apple account information on any non-Apple website".