Shortly after the iCloud accounts of numerous celebrities have been compromised, the cyber crooks behind the Kelihos botnet started a new phishing campaign, targeting the owners of Apple online accounts.
Russian IP Used for the Alleged Purchase
The Symantec Research Team discovered that the Kelihos botnet is now sending spam emails disguised as Apple security alerts, informing users that there was a purchase made via their Apple ID from the iTunes Store. The subject of the spam email reads: „Pending Authorization Notification” and states that the computer, from which the purchase was made, has not been previously associated with the corresponding Apple ID. In order to make the message even more believable, the hackers point an IP address and a physical location in Volgograd, Russia, where the alleged transaction was made. The users are instructed to click on a link in case they have not initiated the purchase. The link leads the user to a phishing website that is designed to look exactly like the Apple ID log-in page, where all the entered data is collected for resale and exploit. When it comes to the purchase, the email reports that the movie “Lane Splitter” has been added to the user’s shopping cart.
Using the Celebrity iCloud Account Attack to Collect Apple ID Credentials
The phishing campaign relies on the users’ fears that their accounts may also be compromised since only a week ago cyber criminals hacked celebrities’ iCloud accounts and stole nude photographs of numerous actresses and models. Reportedly the attack was targeting user names and passwords and had nothing to do with Apple’s cloud-based system. Still, the incident attracted so much attention, that the CEO of Apple, Tim Cook, announced that the company will now send security notifications to the users when changes to their iCloud account are made.
Apparently this has presented the authors of the Kelihos botnet with a perfect opportunity to launch their phishing campaign. Using fake security alerts in phishing schemes is a common practice. But in this particular case the timing has only helped the cyber crooks to get their hands on the targeted information easier.
Some Protection Tips from the Experts
Here are a few things users can do to avoid becoming victims of phishing campaigns:
- When replying to emails, do not provide personal information of any kind
- Avoid clicking on suspicious links in emails
- Avoid entering personal data in pop-up windows
- Pay extra attention to messages about account-updates and restriction-alerts
