OFFICIAL SECURITY BLOG


Electronic Arts server hacked to steal Apple IDs

Published March 19th, 2014 at 1:09 PM EST, modified March 19th, 2014 at 1:09 PM EST

Paul Mutton of Netcraft posted an article today about the discovery of an Electronic Arts server that has been hacked and turned into a phishing site. The site evidently requests not only an Apple ID and password, but then proceeds to ask for other personal information, including credit card information, full name and date of birth, and mother’s maiden name. Once provided, it redirects the user to the real Apple ID site.

The only thing really new about this is the use of a server belonging to a legitimate, and well-known, company. Phishing is really nothing new, and Apple IDs are a common target due to their popularity and their purchasing power. The fact that it redirects to the real Apple ID site is somewhat interesting, but really doesn’t change much. Still, this news provides a useful reminder to exercise caution when logging in to your Apple ID.

The best way to protect yourself against such attacks is to avoid clicking links in any e-mail messages or on any websites that seem to take you to the Apple ID login page. If you need to make changes to your Apple ID, manually enter “appleid.apple.com” into your browser’s address bar to go directly to the appropriate site. Always pay close attention to the address of the site you’re on before entering any personal information!

Apple ID site

Also, notice the green rectangle in Safari’s address bar, which reads “Apple Inc.” and has a lock icon. This badge indicates that the site is using SSL encryption to protect you, and clicking on it allows you to view the SSL certificate. Although this may not mean much to the average person, it should raise serious red flags if this badge is not present, or if the certificate does not actually appear to belong to Apple. If a wireless router has been hacked or a domain name server has been poisoned, the “appleid.apple.com” address can be redirected to a phishing site, and in that case the badge may be your only clue that you’re not on the real Apple ID site.
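The two checks described above (the exact address, then who the certificate belongs to) can be written down as a short Python sketch. This is an added example, not code from the original post; the function names and the sample certificates are constructed for illustration, and the certificate dictionaries follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "appleid.apple.com"  # address the article says to type by hand
EXPECTED_ORG = "Apple Inc."          # name the article says the badge shows

def subject_field(cert, key):
    """Read one field from the nested tuples used for a certificate subject."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None

def san_covers(cert, host):
    """True if a DNS subjectAltName matches host (one-label wildcard allowed)."""
    for kind, pattern in cert.get("subjectAltName", ()):
        pattern = pattern.lower()
        if kind != "DNS":
            continue
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def check_login_page(url, cert):
    """Return a list of red flags; an empty list means every check passed."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # ignores any user@ prefix in the URL
    if parts.scheme != "https":
        flags.append("not https")
    if host != EXPECTED_HOST:
        flags.append("host is %r, not %r" % (host, EXPECTED_HOST))
    if cert is None:
        flags.append("no certificate")
        return flags
    if not san_covers(cert, host):
        flags.append("certificate does not cover host")
    if subject_field(cert, "organizationName") != EXPECTED_ORG:
        flags.append("certificate organization is not %r" % EXPECTED_ORG)
    return flags

# Constructed sample certificates (not captured from any real site).
APPLE_CERT = {"subject": ((("organizationName", "Apple Inc."),),
                          (("commonName", "appleid.apple.com"),)),
              "subjectAltName": (("DNS", "appleid.apple.com"),)}
OTHER_CERT = {"subject": ((("commonName", "router.example"),),),
              "subjectAltName": (("DNS", "router.example"),)}
```

The second sample models the poisoned-DNS case from the paragraph above: the address is correct, so only the certificate checks raise a flag.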

The same advice, of course, also applies to all other sites that require login, such as Amazon, PayPal, bank sites, etc. Always exercise caution when providing personal information to any website.
