Apple users have fallen prey to a phishing attack by cybercriminals who want to gain access to their Apple ID credentials. A number of users claim to have received messages from Apple Inc stating that their Apple ID was about to expire and asking them to click on a link to keep the account active.
The message reads, "[User's name] Your Apple ID is due to be expire today. Prevent this by confirming your Apple ID at [URL]- Apple Inc." The message appears urgent and pushes users to click on the link without giving them time to verify its authenticity.
By clicking on the link, a user is redirected to a replica of the real Apple ID login page. The fake website is designed to collect users' personal information, which could be used to commit fraud or even sold, security expert Graham Cluley wrote in a blog post.
Once the username and password are entered, users are told that their Apple ID has been "locked for security reasons". To unlock the Apple ID, the phishing site then asks users to enter further personal details such as date of birth, telephone number, address and credit card details. What's more, the site even offers security question options such as driving license number and passport number.
"It tried to grab personal information and credit card details with the aim of committing identity theft," Cluley told the BBC. "They deliberately took advantage of people's trust in the Apple brand to steal information."
"Avoid clicking on links in emails because they might take you somewhere phishy. Instead go to the website directly and log in that way," advised Cluley.
Apple has, meanwhile, advised users on how to identify legitimate emails from the iTunes Store. It warned users that emails containing attachments or links to non-Apple websites that come from sources other than Apple, although they might appear to be from the legitimate iTunes Store, are malicious and should not be opened. Hence, users should not enter Apple account information on any non-Apple website.
It is important to note that the iTunes Store will never ask users for their social security number, mother's maiden name, full credit card number or its CCV number. "Phishers create elaborate websites that look similar to iTunes, but their sole purpose is to collect your account information. Often, a fake email will ask you to click on a link and visit one of these phishing websites to update your account information," Apple warned.