Trend Micro researchers are warning of a spike in phishing sites designed to steal Apple IDs — they recently identified 110 of the sites, all of which are hosted at the IP address 126.96.36.199, registered to a Houston-area ISP.
“Upon looking at the URLs, we noted that there was a consistent pattern to the URLs of these phishing sites,” writes Trend Micro’s Paul Pajares. “They are under a folder named ~flight.”
The phishing pages themselves very closely match Apple’s login pages. Some ask not just for the user’s Apple ID and password, but also for the billing address and credit card information.
“Users may be redirected to these phishing sites via spam messages that state that the user’s account will expire unless their information is subject to an ‘audit,’ which not only gets users to click on the link, it puts them in a mindset willing to give up information,” Pajares writes.
Pajares suggests that Apple customers enable two-factor authentication, and exercise caution in clicking on links in messages that appear to come from the company.