A new twist on an old phish: Apple scams now using encryption

15 May 2018

Persistent phishing scams targeted at Apple users continue to plague inboxes – but what’s happening behind the scenes? Trend Micro recently deconstructed a new phishing scam that targets Apple IDs and uses AES encryption as part of its processes.

One of the latest Apple phishing scams, spotted on April 30, uses social engineering to trick users into thinking their Apple account is suspended.

The phishing attacks are also occurring at a time when many genuine businesses are sending emails that ask users to update their details or strengthen security, as part of GDPR requirements.

“It comes as no surprise that malicious actors are trying to take advantage of this email wave by sending phishing pages to users. These actors are getting quite good at impersonating major companies, and they usually try to masquerade as legitimate ‘user policy update’ emails,” Trend Micro says.

The firm says Apple IDs and passwords are valuable to cybercriminals because they can provide access to all applications linked to that Apple account.

This particular scam looked like a genuine email from Apple, but it was flagged for numerous reasons: it was sent to a recipient who did not use Apple products; it asked the person to update their payment details due to ‘suspicious activity’; and the ‘Update Your Payment Details’ link did not point to the official Apple domain name.

Instead, the link pointed to a website that generated a new token for each victim.

“The token was valid for at least 48 hours. It seemed to be for tracking the user and was not affected by various user-agents of the different browsers and devices. If clicked, the button opened to a fake Apple website stylised to look legitimate—the fake site even had the same background image as the legitimate Apple site. But the URL was obviously not Apple,” Trend Micro says.

What made this phishing attempt different from others is that the phishing site was encrypted using AES.

“Using AES for this kind of obfuscation is unusual for a phishing scam because usually these malicious actors are more concerned with operations rather than security or evasion,” Trend Micro says.

When the security firm logged in using a fake Apple ID, it was directed to a malicious website designed to collect data including names, dates of birth, phone numbers, addresses, and credit card details.

After the site had collected all information, it told victims they would be logged out for security reasons. They were then forwarded to the genuine Apple website.

In this case the cybercriminals put effort into securing the information they collected, and even the web directory permissions were correctly set so security researchers weren’t able to access the stolen data.

“Users should be wary of links sent by email to access pages like Apple ID login, Google login page, PayPal, social networks and other sensitive sites. There might be other malicious links or file attachments as well, so scanning attachment files with security solutions is a must. Also, users should try to verify the urgency of the information found in suspicious emails from other sources, like the social media pages of the particular organisation,” Trend Micro concludes.
