A week ago I reported on my personal blog how criminals
were spamming out SMS messages that claimed to come from Apple, but were
actually designed to steal personal information for the purposes of identity
theft.
The messages all used a cunning piece of social
engineering – posing as a notice from Apple that their Apple ID was due to
expire that very day – to get unsuspecting users to click on a link to a
phishing website.
The SMS messages were even more convincing because
they referred to recipients by name, most likely fooling some into believing
that there was a genuine reason to act upon the alert and visit the site
pointed to by the criminals.
Although the site the criminals were initially
using – appleexpired.co.uk – was quickly blocked by the major web browsers and
taken down, that didn’t take the wind out of the criminals’s sails.
In the days since it has become clear that the
identity thieves have registered a series of other domains – all claiming to be
related to Apple or Apple ID.
Examples have included icloudauth.co.uk,
mobileicloud.uk, and icloudmobile.co.uk.
And today I received a message from a reader who
has been sent a new version of the scam, pointing to a phishing site that – at
the time of writing – remains online.
Read the complete article on: