Apple users targeted by scammers for their disposable income: security blogger

At the end of every rainbow, there’s an iPhone or a MacBook Pro. At least that appears to be the view of a growing body of scammers, who have now set their sights on users of Apple products, according to a prominent security blogger.

“Criminals will go where the money is,” Graham Cluley told the BBC. “Apple products cost more than some of their competitors’ so it’s likely that their customers have more disposable income. That’s cash which the bad guys would like to have filling their pockets.”

So far this week, Cluley has warned of two new attacks against Apple users. On Monday, Cluley wrote that people had reported receiving a text message from “AppleInc” over the weekend, notifying them that their Apple IDs were about to expire. Users were told to click a link to retain their ID.

A click brought up “a convincing-looking replica” of the Apple ID login page, Cluley wrote. No matter what a user entered on that screen, they would receive a message that their ID was locked for security reasons. In this “phishing” attack, users were asked to enter birth date, phone number, address and credit card details, Cluley wrote.

On Tuesday, Cluley warned Mac users about fake Adobe Flash Player updates discovered by Mac-security firm Intego. The viral attack spread via a Mac installer file that was signed with a legitimate developer ID certificate, “effectively tricking OS X’s built-in Gatekeeper security to believe that the files can be trusted and are not malicious,” Cluley wrote.

The attack could cause unwanted programs to be installed on their systems, he wrote. “Researchers report that third-party apps they have seen being installed by the fake Adobe Flash update include MegaBackup, ZipCloud, and MacKeeper,” Cluley wrote.

The blogger noted that two months previously, Mac users were seeing Adobe Flash update popups that led to installation on their computers of “scareware” — programs intended to trick people into buying and downloading possibly malicious software. In that case, too, the scammers had signed their code with an Apple developer certificate, allowing it to evade OS X’s defenses, Cluley wrote.

“A definite possibility is that some OS X developers are being too careless with their own security, and not recognizing the need to properly protect their certificates from hackers,” he wrote.

Targeting Apple users on the basis of their pocketbooks could dovetail with a tendency of online scammers to go after older people to take advantage of those whose faculties are deteriorating: male U.S. senior citizens spent more on Apple products than any other U.S. demographic group in 2014, according to CNN.


Photo illustration: An iPhone held up in front of the Apple logo. (AFP/Getty Images)


Tags: , , , , , , , , , ,


Share this Post