Phishing scam targets Apple users in the midst of big iPhone event

Today is a big day for Apple and their millions of users worldwide who are waiting to hear about the latest features for the new iPhone.

The Cupertino-based company was set to unveil what many hope to be big additions in order to stay in the game and compete against Android.

Meanwhile, the bad guys seem to be more interested in robbing Apple users than rejoicing about the big news of the iPhone 5S.

Phishing emails are being sent en masse to harvest people’s Apple ID. The emails contain links to external phishing websites:


But that’s not all. They go even one step further to steal credit card, social security number, date of birth, and more:


Other than the URL in the address bar the pages look authentic and high quality. But with a few minutes of googling, I was able to find the original phishing toolkit hosted on a compromised Joomla! website:


The archive can then be extracted on any website and used as a phishing landing page:


The nice thing about collecting the toolkit is that we can see server-side files that sometimes give us more information about the perpetrators:


The above PHP code grabs all the user’s credentials and sends them off to a email address.

We don’t often see too many attacks targeting Apple users but with a growing market share it only makes sense.

If you ever receive an email urging to update your Apple information be very wary of it. The best thing to do if you are not sure how to proceed is to directly contact Apple via their live chat or phone support.

Other than that, cheers to some cool features coming up for the iPhone 5S!

Jerome Segura (@jeromesegura) is Senior Security Researcher at Malwarebytes.


Jérôme Segura

Principal Threat Researcher