Kaspersky reports increase in Apple phishing attempts this year
So far this year, Apple customers have been exposed to an increased number of phishing attempts according to a study done by Kaspersky Labs. The study shows a greatly increased number of phishing emails purporting to come from Apple in the first five months of this year when compared to the number of Apple-related phishing attempts detected in 2011. More specifically, Kaspersky seems to be looking at the number of attempts to access phishing sites that have been blocked by their products.
Phishing scams send legitimate (or sometimes not so legitimate) looking emails that appear to come from companies that a person may have a real account with, such as Apple. While the contents of the emails vary, they often provide a link to click asking you to confirm your account, reset your password, or provide some other sensitive information. The biggest reported spike in phishing attempts so far took place last December. The day after iTunes stores launched in 56 new countries, including India, Turkey, Russia and South Africa, Kaspersky saw an all-time high of 900,000 phishing attempts directing users to fake Apple sites.
These phishing emails will usually have a falsified "from" address, such as firstname.lastname@example.org. People should be careful to not rely on the from address of an email, as they can be easily spoofed. A more reliable source to look at are the raw headers of the email to see the servers that the email has gone through, and where it originated from.
People should also be cautious of the links in these emails. The URL will usually contain Apple in it somewhere to try and trick people into thinking they're on Apple's site, but if you look closely these scam URLs won't have apple.com as the root of the address. It's also a safe bet that if you're clicking on a legitimate link from Apple, you will see a green lock icon up in the address bar of your browser, indicating that the site you are on is using a trusted SSL certificate to encrypt your traffic. Clicking on the icon provides additional information confirming the identity of the site. Phishing sites often employ no SSL, or sometimes they will offer a certificate that is marked as untrusted or unverified.
Finally, unless you were expecting to get an email from Apple, if you recently submitted a request to reset your password for instance, you should probably avoid clicking on the link all-together. Instead, navigate to Apple's site in your browser manually. You can manage your Apple ID at appleid.apple.com. If Apple needs you to add anything to your account or reset any information, you should be able to do it from that site just fine, without needing to click that link in your email. Among other account management features, My Apple ID is also where you can enable two-step verification. Having two-step verification enabled on your account will help make sure that even if you do get tricked by a phishing attack, the scammers won't be able to log in to your account unless they're also in possession of one of your trusted devices, which would be unlikely.
After the recent security threat to Apple's Developer Portal, a number of people have taken to various outlets to report phishing emails they have received. An increase in phishing attempts as a result of the Developer Portal incident is certainly possible, or it could just be that people are more aware of these scams as a result of the threat. Either way, phishing scams aren't going away any time soon and users should remain vigilant in their awareness of such scams even when there have not been any recent threats.