MacNN | Follow-up: EA compromised site used in Apple ID scam shut down
Follow-up: EA compromised site used in Apple ID scam shut down
Wednesday, March 19, 2014 @ 11:28pm

Late Wednesday afternoon, Electronic Arts reported that it had finally closed a serious vulnerability on its web servers that allowed hackers to host a fake "Apple ID" page. The page was part of a phishing scam, reported by Electronista earlier today, that attempted to trick users into visiting it and supplying personal information and credit card details. Netcraft, which originally spotted the compromised pages, reported the problem to EA on Tuesday night.



The fake Apple ID page
MacNN has received reports from readers who were sent emails citing recent, popular titles that the recipients may well have actually looked at or bought. The emails explained that the recipient's account may have been compromised and that users would need to "verify" their account details at a legitimate-looking URL that was disguised to hide the EA subdomain. Users who clicked on the URL directly from the email (a common phishing mistake) would be taken to the fake page, where they might reveal their iTunes account details, including their credit card number.

"We found it, we have isolated it, and we are making sure such attempts are no longer possible," a company spokesperson said in an emailed statement late Wednesday afternoon, but questions remain about why the reported compromised pages were allowed to continue running even well into Thursday morning after being reported the previous evening. Initially, the company said it had "taken immediate steps to disable any attempts to misuse EA domains," but disputed the "underlying claims" of Netcraft's findings.

Netcraft, for its part, immediately blocked the page by adding it to its list of phishing sites, which is used by a wide variety of browsers, anti-virus and filtering programs to block suspicious sites.

Apple itself has had a stellar record on protecting users' credentials from hackers, but it remains a tempting target for phishing scams, having over 500 million active credit cards on file. The company has added two-factor and Touch ID authentication as strengthened alternatives to help avoid fraud -- however, users who are tricked into supplying details or who still use weak passwords are often the victims of phishing and other scams, though Apple usually covers any losses incurred from such incidents.

As has been the standing advice for users for years, clicking on links directly from "security threat" or "super bargain" type emails -- particularly when they say the site will require "confirmation" of personal details and financial info -- is to be avoided, but the URL can be manually copied and tested in a web browser if users are unsure. In addition, browsers often have visual signals to assure users that they are visiting the legitimate and secure site of a brand-name vendor.
How to tell one is on the real Apple website

