Press Release

Kaspersky Lab Identifies Increase in Apple Phishing Scams

Users Advised to Safeguard Apple Accounts and Sensitive Data as Cybercriminals Target Apple IDs and Financial Credentials 

Woburn, MA – July 9, 2013 - Kaspersky Lab today announced it published a phishing report that analyzed the dramatic increase of cybercriminal campaigns designed to steal users’ Apple IDs and personal account information stored in their iCloud and iTunes accounts. From January 2012 through May 2013, Kaspersky Lab’s cloud-based Kaspersky Security Network (KSN) detected an average of 200,000 attempts per day of users being directed to phishing sites.

Every attempt was triggered each time a user running Kaspersky Lab’s products was directed to one of the fraudulent sites. Kaspersky Lab’s antivirus module successfully detected and prevented its users from accessing the sites; however, the increase in average detections is a drastic rise in detections compared to 2011, which averaged only 1,000 detections per day.

Kaspersky Lab’s experts analyzed the cybercriminals’ behavior and patterns on a daily and monthly basis, noticing that fluctuations and increases in phishing attempts often coincided with large events from Apple. For example, on December 6, 2012, immediately following the opening of iTunes stores in India, Turkey, Russia, South Africa and an additional 52 countries, Kaspersky Lab detected an all-time record of more than 900,000 phishing attempts directing to fake Apple sites in a single day.

Phishing Emails Posing as Apple

The main distribution method used by cybercriminals to direct users to the fraudulent Apple sites is predominantly phishing emails posing as Apple Support with fake alias names in the “Sender” field, such as services@apple.com. The messages would typically request users to verify their account by clicking on a link and entering their Apple ID information. These emails are deceptively clever and professionally designed in order to make them appear authentic, including the use of Apple’s logo and presenting the message with similar formatting, coloring and style that Apple uses.

Another variation of these phishing emails are designed to steal Apple customers’ credit card information. This is done by sending users an email requesting that they verify or update the credit card credentials attached to their Apple IDs, which can be done by clicking on a link in the message. The link directs the user to a phishing site that imitates how Apple requests credit card information from their customers to fool users into inputting their credit card information and other personal information.

Further information on phishing attempts targeting Apple customers is available on Securelist.com

About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.

*The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report "Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011. 

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Sarah Bergeron
781.503.2615
sarah.bergeron@kaspersky.com