A new phishing website that mimics the Apple site has been detected in the wild, but fortunately for users has been blocked by Google as of this posting. Con artists, or in this case cyber criminals, have been secretly scraping off personal sensitive user data such as credit card information and email address through appleidconfirm(dot)net.
The website nearly perfectly copied Apple’s appearance, including the login page, except of course for the Web address. Criminals are able to apparently confirm that the Apple ID you would enter is valid using a malicious JavaScript code, but the true intention is only to steal valuable credentials that criminals can potentially use to siphon off large sums of money from your bank account.
It is still not clear whether the phishing site has a way of confirming an authentic Apple ID but it redirects unsuspecting users to a Web page ending with /?2 if the credit card number including Visa, Mastercard, American Express has been entered into a fake data field. You will then find yourself led to Apple’s purported site ending with /?3, which displays a “Success” page, after the smooth process.
All along, you might not know that all your personal information has been collected at your own risk. But that is precisely what is happening. It is just that the whole process looks genuine because of exact likeness of the phishing site to that of Apple’s. In fact, all the links displayed on appleidconfirm are just screenshots of the real Apple site and clicking on them leads to no functional page.
Additionally, you can observe from the address bar that the phishing site or any other such website does not use or begin with the HTTPS, which is now the default setting for major websites such as Google, Facebook, Yahoo and others.
It is not only to Apple that such imitation has been done, other popular websites have been victims as well. Phishing also comes in the form of email attachments or links contained in email message body. Users are lured into giving their credentials in what appears to be genuine company websites and are left with barely anything in the end.
It may sound so easy to prevent as a user, but technologically speaking, it takes a lot of investments to completely eradicate this kind of cyber crime. The best way by far to avoid falling prey to phishing is information dissemination and an increased awareness of how to stay safe online.
