Phishing spam attempts to access passwords

August 29, 2012

A recent email security attack has been targeting owners of Apple devices such as iPhones and iPads, according to KCBY-TV.

Fake emails sent to Apple devices are made to convince users that something is wrong with their Apple ID password. Those who open the email see an alert that resembles the alert received when a user resets his or her password. The unsolicited emails are not only targeting personal accounts, but business email lists as well.

Fisher Plaza IT expert Andrew Baker told the news source that the purpose of this fake email is to grant hackers access to user ID passwords, which allows them to control Apple accounts.

Sophos Lab's Chet Wisniewski told the news source that the links in the Apple ID spam emails redirect users to a fake website. A hacker can then access the password and become aware of other computer vulnerabilities.

"This website has been rigged up with all kinds of booby traps, in essence, trying to find bugs in the software on your computer with a virus," said Wisniewski to KCBY-TV.

This attack follows a string of phishing scams created by hackers. According to a report by security firm RSA, there have been almost 33,000 phishing attacks globally each month in 2012. Email security attacks have increased 19 percent since 2011, and have resulted in a loss of $687 million. The United States has endured 26 percent of the phishing attacks this past year.

Resist phishing attacks
Experts recommend deleting spam immediately to block the attack. If a user were to open an infected email, he or she should not click on the link to ensure data protection.

Sometimes a user cannot determine if an email is spam. KCMY-TV suggests holding the mouse over the link on the fake Apple email users to see who the email is really from. If the link in the text and the real link do not match, a user should delete the email. Users should also be wary of opening attachments within unsolicited emails.

Experts also recommend that a person never provide personal account information through an email unless he or she knows whom it is being sent to.

As phishing attacks become more common, proper email security measures should be taken to prevent hackers from gaining complete control of a computer.

-McAfee Cloud Security