Trend Micro Content Security engineers just received a timely Apple Store phishing email. This attack comes well after Apple introduced the 3G iPhone to the consumer market early last month—and conveniently nestled the week before it actually becomes available in stores (in most countries) next week.
Figure 1. Hovering your mouse above the link shows its real destination.
The URL loads the following phishing page that asks the user for personal information, such as the user’s credit card type, credit card number, expiration date, security code, billing address and social security number:
Figure 2.The phishing page features the same sleek Apple Store interface, but don’t be fooled.
This phishing page, like most other phishing attacks we’ve detected and filtered out, uses an insecure protocol (exhibited also by the lack of the lock icon). Knowing this useful tidbit can save target victims from losing their online identities to cyber criminals. Phished Apple credentials give fraudsters access to the Apple store, iTunes store, iPhoto, Apple product registration, and AppleCare services, and most important, the account holder’s credit card information.
Trend Micro users are already safe from threat. The rest, especially Apple customers, are likewise advised to use only their clean bookmarks when visiting sites where sensitive information are likely to be given out.