Pierluigi Paganini February 10, 2015

Security experts at Sophos spotted a new phishing campaign targeting iCloud users. The attackers are interested in the victims’ financial data.

Sophos security firm reported that threat actors are running phishing campaign against Apple iCloud users to steal financial data.

The messages sent by bad actors are tailored to appear as legitimate security alerts issued by Apple. Bad actors to lure victims into providing their data are using emails that inform iCloud users about suspicious login attempts related their account. The emails used in the phishing campaign invite victims to repudiate an alleged Order made from their account.

The cyber criminals highlight that the order is considered valid until iCloud users will not proceed to its cancellation, a social engineering technique that could be very effective.

“Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20 

Within Apple Inc. latest security checks, we recently discovered that today there were incorrect login attempts to your account. For your account status to get back to normal, Go Here >> to complete the details.

It’s usually pretty easy to take care of things like this. Most of the time, we just need a little more information about your Apple account or previous transactions.” is the text of the email reported in a blog post published by Sophos.

The email includes a link to a phishing page managed by the cyber criminals, which is ‘cancellation form’ that iCloud users have to fill to repudiate the fake order.

“The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada. The form data submission goes to a similar “server” hosted on a connection via a boutique ISP in Switzerland.” continues the post.

Sophos invite iCloud users to be suspicious every time they receive this kind of email, the report from Sophos remarks some mistakes made by crooks such as

• Asks for far too much data, considering the process you are initiating.
• Isn’t on a typical Apple-named website.
• Isn’t using HTTPS (secure HTTP).
• Contains un-Apple-like inconsistencies, such as saying “available only…in the US” yet giving a price in Euros.

The security firm also provides useful suggestions to iCloud users, including:

• Think before you click.
• Don’t assume that crooks aren’t interested in you. 
• Use two-factor authentication (2FA) if you can. 

Every time I explain to people about cyber threat I hear often a similar answer:

“Why cyber criminals are interested in my data, to my mails, to my computer“

The reality is that even if cyber criminals are not able to monetize their efforts by stealing our data, they could use our information, our account and our PC run attacks on third parties.

We must assume that we are all potential targets of the cybercrime as explained in the post:

“Don’t assume that crooks aren’t interested in you. You may have the smallest, simplest web server in the world, but if there’s a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes,” 

Take care of your account, do not be unprepared!

(Security Affairs –  iCloud, phishing)