Another iCloud phishing attack spotted

iCloud users are yet again targets of phishing attacks, conducted by hackers aiming for their financial data.

Paul Ducklin wrote on the Sophos security blog about how crooks use the usual "bogus order" scam with a little twist to trick users into giving away sensitive data.

"Instead of simply telling you about a payment you're supposed to have made, and leaving it to you to steam in and challenge the transaction, they're pitching themselves as a bit more on-the-ball this time," he writes, before showing how the scammers tailor their notifications to look like legitimate security alerts:

"Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20," reads the bogus message.

Image credit: nakedsecurity.sophos.com

To 'cancel the order', the victim must visit a website that looks like Apple's store but is in fact run by the scammers. There, victims enter their data into a form and in doing so hand it to the crooks.

"The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada," explained Ducklin.

"The data submission form goes to a similar 'server' hosted on a connection via a boutique ISP in Switzerland."

"Don't assume that crooks aren't interested in you. You may have the smallest, simplest web server in the world, but if there's a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes," he said.

Ducklin advises everyone to "think before you click" and to use two-factor authentication wherever possible.

Chris Boyd, Malware Intelligence Analyst at Malwarebytes, told ITProPortal: "Legitimate-looking bill payment cancellation phishing attacks have been around for a few years, but typically target banks, online payment services or areas of business related to HR or payroll. Seeing it applied to iCloud users is an interesting twist, but as with all similar forms of attack there are enough clues to tip off the wary.

"Never enter payment or personal information into a webpage sent via an email, and always navigate to the site directly if needs be - even better, check with the company if what you're looking at is the real deal. There's a good chance it isn't."