Saturday, February 03, 2018

Apple and iCloud phishing attacks continue; AOL seems unable to identify certain phishing scams;security companies not up to speed on this


I continue to receive strange emails claiming signon to my iCloud account and purchases overseas, especially in Indonesia and former Soviet republics.  I have marked them all as spam and forwarded them to Apple’s reportphishing@apple.com.  AOL does not seem to catch these as spam (nor does it catch emails that say your own AOL mailbox has been closed). 

I am also getting emails claiming my iCloud account has been canceled, with the sender addressed spoofed well enough even when tested by mouse-over to appear to have come from Apple. But the iCloud id and pw still work so that appears to be phishing. These also have been forwarded to Apple.
  
Yet security company Webroot is not aware of a specific problem with phishing involving iCloud.  
  
 However employees at an Apple store told me there has been a problem.

So far there is no evidence of invalid charges or of fake accounts overseas in my name.  But it is conceivable that someone could get arrested overseas if a fake identity had been created and the person went to that (third world) country. It is conceivable that fake accounts could result in judgment attempts.
 
Another possible risk could be that a hacker could place illegal content in an iCloud account. Users should always periodically spot check all online accounts that they have for possible abuse. 
   
This does seem to be a very large and bot-automated phishing attack probably from parts of the former Soviet Union. 

No comments: