The number of phishing attacks targeting Apple devices is on the up.
Hackers are increasingly using the legitimate apple.com domain in order to lure unsuspecting users to open seemingly safe links to Apple support or services. These links actually lead to malicious pages containing code that will steal Apple IDs and credit card information or to fake Apple pages that prompt users to log in to their Apple accounts, the data input is sent directly to a remote server. The number of attacks fluctuates from day to day, with the highest number of attacks falling around the same time that Apple marketing campaigns are active, allowing the malicious emails to hide amongst various genuine emails.
Figures in 2011 stood at an average of 1000 attempted attacks a day, this figure now stands at a huge 200,000 a day. The highest recorded number of daily attacks was on December 6th of last year, where 900,000 phishing attempts were made, directly in line with the opening of iTunes stores in 56 new countries.
The best way to detect if a page is genuine or not is to check the URL in the address bar, genuine pages will contain the ‘apple.com’ domain, phishing links might contain additional numbers or letters or not contain the word ‘apple’ in the link at all. A good way to avoid becoming a victim is to manually type all links into the address bar, that way a visibly safe link won’t be able direct you towards a malicious page.