Apple ID Phish Goes Horribly Wrong

Compromised .Gov Redirected to Apple ID Phish

We recently saw a URL which was redirecting to a phishing expedition for Apple IDs. First up, let’s take a look at the email which sported a particularly French flavour:

Fake Apple mail

It reads as follows:

Dear Customer, Your Apple ID was used to log into iCloud from an unauthorized computer. Your account is now locked, please log into your account to check your information.

Click here Apple Support

The link leads to


which contained little other than code to redirect the visitor:

.gov code

The potential victim was sent to


which looked like yet another compromised domain, asking for Apple login credentials.

Apple phish page


Both rogue pages have now been taken offline. A .gov site is always going to be a juicy target for scammers so it’s crucial Admins keep everything patched and up to date – tracking back to where and how an attacker got in can be a long, arduous process. As for Apple ID owners, always verify you’re on the correct page before entering login details. Unless you specifically asked Apple to send you a link for some reason (a password reset, for example) then you should avoid random URLs sent your way. Here’s some Apple ID security information which will likely assist with keeping your account secure.

Christopher Boyd (Thanks to Cecile for sending over)


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.