sb-as logo
Story image

Phishers bypass content blockers and target Apple users in latest attacks

20 Feb 2017

A simple replica login page is fooling Apple users into falling for a phishing attack, which is using a font substitution tactic to avoid virus software detection, MailGuard reports.

The login page mimics Apple’s real page, but instead its aim is to collect Apple IDs and passwords from unsuspecting users.  The company suspects phishing attackers are looking for ways to make purchases, access private iCloud data and even wipe devices entirely.

Users receive an email, appearing to be from ‘AppleSupport’, but has only been tied to a domain registered just last month, which MailGuard suspects has been purely for spam purposes.

The email states that an account upgrade is underway, but there has been a problem and users must click to verify their accounts.

To bypass email security filters, the email uses Greek characters in place of p, u and w.

MailGuard CEO Craig McDonald says the characters help block antivirus and content filters that look for suspicious phrases such as ‘we will suspend your account’ and other ‘account verification’ traps.

The company says the phishing page looks even more genuine, with features that include resizing for different device screens.

Apple suggests that users choose strong passwords with numbers and punctuation. Two-factor authentication and difficult security questions can also help provide more protection. Apple also recommends that users never share passwords or verification codes with anyone else.

Story image
Scammers using Bitcoin, sextortion to take advantage of Coronavirus fears
As people's fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals. More
Story image
Internet infrastructure strained as demand for servers surges 30%
Internet service providers are extending data caps to meet the newfound reliance on the network, however, some experts express uncertainty concerning internet infrastructure’s ability to keep up with the rapidly growing demand.More
Story image
80% of cyber threat landscape uses COVID-19 as leverage - report
A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.More
Story image
Interview: ManageEngine's VP says legacy remote solutions aren't cutting it
Techday spoke with ManageEngine vice president Rajesh Ganesan on the company’s solutions to the rapid changes and issues facing workforces around the globe as millions upon millions pack up their offices and work from home.More
Story image
Kaspersky announces update to Microsoft Office 365 security solution as COVID-19 threats emerge
The upgrade introduces enhanced anti-phishing capabilities with a dedicated anti-spoofing feature, as well as bolstered protection within Microsoft Teams.More
Story image
Remote workers need to improve security measures amidst COVID-19
Technological support and security measures are amongst ways organisations and their employees can protect their business as they move to remote working during the COVID-19 pandemic. More