Apple users targeted in "phishing" scams

istockphoto

It seems to be "phishing" season -- and Apple users are a growing target.

Computer security experts have detected a recent uptick in Apple-related online scams, and they say there are several reasons for that. Hackers may be trying to exploit users' concerns about iCloud security after the highly-publicized case of celebrities' personal photos being stolen and posted online. In addition, experts say hackers are probably trying to take advantage of the popular excitement surrounding the launch of the new Apple iPhone 6 and iPhone 6 Plus. With new products and software rolling out, many users may believe these scams are part of the normal update process.

According to the 2014 Global Phishing Survey, Apple is now the "world's most-phished brand." A phishing attack is one in which a hacker sends you a text or email that appears to be from a legitimate business or acquaintance, and tries to trick you into entering personal data, a credit card number or other financial information. The Global Phishing Survey notes there were "at least 123,741 unique phishing attacks worldwide" in the first half of 2014 that each targeted a specific brand or entity. Almost 23,000 domain names "were registered maliciously by phishers," mostly in China, the report said.

Phishing attacks are common on all platforms, not just Apple products. The attacks rely not on technology, but on psychology: they aim to fool users into giving up sensitive information by impersonating sites or people they trust. However, if you know what to look for, it's usually possible to tell the difference between a legitimate email and one that's part of a phishing attack.

For example, some CBS staffers received this phishing scam email about their iCloud and Apple ID:

phishing-email-cu-blurred-email-address-copy.jpg
"Apple ID" phishing email.
CBS News

Satnam Narang, Security Response Manager for Symantec, described the warning signs in this particular phishing email. "The subject is weird. 'Apple Service Locked'? Apple wouldn't write something like that," he told CBS News. Another giveaway? "The 'to' line is addressed to a generic name, 'Apple user,' and an email address. Apple knows your Apple ID."

And read carefully: "It is written in broken English," Narang observes. The address on the bottom says 'Apple Genius UK,' then gives an address in Cupertino, CA.

Narang also advises users to check the URL, or web address, in the link before they click on anything. In the example above, the link was not really going to Apple's website.

He notes that Apple would never ask you to enter information like your Apple ID, password, address, phone number, birth date and credit card. "Vendors like Apple will not ask you to give them information if they already have it on file."

He also warns against giving away other information, like the answer to your security question, which could be used to hack into Apple or other accounts. He told CBS News that phishing "is a very common tactic to steal account information. You have to be wary."

October is National Cybersecurity Month. Just in time.