Kaspersky Lab identifies increase in Apple Phishing scams as Cybercriminals target Apple IDs and financial credentials

Kaspersky Lab published a phishing report that analyzed the dramatic increase of cybercriminal campaigns designed to steal users' Apple IDs and account information by creating fraudulent phishing sites that try to imitate the official apple.com site. Cybercriminals are using the fake Apple sites to try and trick users into submitting their Apple ID credentials, which would enable the criminals to steal the users's account login and access the victim's personal data, information and credit card numbers stored on their iCloud and iTunes accounts.

From January 2012 through May 2013 Kaspersky Lab's cloud-based Kaspersky Security Network (KSN) detected an average of 200,000 attempts per day of users trying to access the phishing sites, which were triggered each time a user running Kaspersky Lab's products was directed to one of the fraudulent sites.

The increase in average detections is a marked increase compared to 2011, which averaged only 1000 detections per day. Kaspersky Lab's web antivirus module successfully detected and prevented its users from accessing the sites, however, the increase in detections shows how these scams are becoming more commonly used by cybercriminals for phishing campaigns.

Kaspersky Lab's experts analyzed the cybercriminals' behaviour and patterns on a daily and monthly basis, noticing that fluctuations and increases in phishing attempts often coincided with large events from Apple. For example, on December 6, 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, Kaspersky Lab detected an all-time record of more than 900,000 phishing attempts directing to fake Apple sites in a single day.

The main distribution method used by cybercriminals to direct users to the fraudulent Apple sites are predominantly phishing emails posing as Apple Support with fake alias names in the "Sender" field, such as services@apple.com. The messages would typically request users to verify their account by clicking on a link and entering their Apple ID information. These emails are deceptively clever and professionally designed in order to make them appear authentic, including the use of Apple's logo and presenting the message with similar formatting, coloring and style that Apple uses.

One way to distinguish between real websites and counterfeit ones created for phishing purposes is to look at the address bar of the website, said Kaspersky Lab.