sb-au logo
Story image

Phishers bypass content blockers and target Apple users in latest attacks

20 Feb 2017

A simple replica login page is fooling Apple users into falling for a phishing attack, which is using a font substitution tactic to avoid virus software detection, MailGuard reports.

The login page mimics Apple’s real page, but instead its aim is to collect Apple IDs and passwords from unsuspecting users.  The company suspects phishing attackers are looking for ways to make purchases, access private iCloud data and even wipe devices entirely.

Users receive an email, appearing to be from ‘AppleSupport’, but has only been tied to a domain registered just last month, which MailGuard suspects has been purely for spam purposes.

The email states that an account upgrade is underway, but there has been a problem and users must click to verify their accounts.

To bypass email security filters, the email uses Greek characters in place of p, u and w.

MailGuard CEO Craig McDonald says the characters help block antivirus and content filters that look for suspicious phrases such as ‘we will suspend your account’ and other ‘account verification’ traps.

The company says the phishing page looks even more genuine, with features that include resizing for different device screens.

Apple suggests that users choose strong passwords with numbers and punctuation. Two-factor authentication and difficult security questions can also help provide more protection. Apple also recommends that users never share passwords or verification codes with anyone else.

Story image
The importance of selecting a secure SD-WAN solution
It’s essential to adopt a secure SD-WAN solution to avoid the risks that an unsecured SD-WAN solution can introduce, writes Wavelink managing director Ilan Rubin.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Six steps for effective public-sector cloud adoption in a post-COVID world
Governments and agencies need to continue to assess the way they operate so they can be best positioned to deliver services in the new world in which they now have to operate.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Link image
Why it's crucial to normalise proper security training for remote working
Knowing and implementing best practices for remote security can save money, time and headaches. It starts with a quality solution to safeguard the workforce.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More