
Another iCloud phishing attack spotted

iCloud users are yet again targets of phishing attacks, conducted by hackers aiming for their financial data.

Paul Ducklin wrote on the Sophos security blog how crooks use the usual "bogus order" scam with a little twist to trick users into giving away sensitive data.

"Instead of simply telling you about a payment you're supposed to have made, and leaving it to you to steam in and challenge the transaction, they're pitching themselves as a bit more on-the-ball this time," he continues, before showing how the scammers write notifications tailored to look like legitimate security alerts:

"Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20," reads the bogus message.



In order to "cancel the order", the victim must visit a website that looks like Apple's store but is in fact controlled by the scammers. There the victims fill in the form with their details, handing them straight to the crooks.

"The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada," explained Ducklin.

"The data submission form goes to a similar 'server' hosted on a connection via a boutique ISP in Switzerland."

"Don't assume that crooks aren't interested in you. You may have the smallest, simplest web server in the world, but if there's a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes," he said.

Ducklin advises everyone to "think before you click" and to use two-factor authentication wherever it is available.

Chris Boyd, Malware Intelligence Analyst at Malwarebytes, told ITProPortal: "Legitimate-looking bill payment cancellation phishing attacks have been around for a few years, but typically target banks, online payment services or areas of business related to HR or payroll. Seeing it applied to iCloud users is an interesting twist, but as with all similar forms of attack there are enough clues to tip off the wary.

Never enter payment or personal information into a webpage sent via an email, and always navigate to the site directly if need be. Even better, check with the company whether what you're looking at is the real deal. There's a good chance it isn't."

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.