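Highly deceptive Apple ID phishing scam appears online

  Xinhuanet, March 20: According to the US technology blog Gizmodo, 24 hours after the world learned of the dangerously deceptive Google Docs phishing scam, a security company made a very similar discovery involving the Apple ID login screen. Oddly, it is hosted on EA's website.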

  

 

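  Netcraft explained the scam on its blog on Wednesday. The scam starts with a legitimate EA link that, after a redirect, leads to what looks like a legitimate Apple ID login screen. It is not. Once you proceed to the next step, another screen asks you to enter a large amount of personal information, including your name, credit card number (and verification code), date of birth, and even your mother's maiden name. When you click OK, the page redirects again, this time to the real Apple ID home page.

  It is not yet clear how the hackers behind the phishing scheme send people to the EA domain and the fake Apple ID login page, but it is not hard to imagine that this is closely linked to Apple-provided email, or even to something related to the iPhone games EA makes. EA, of course, is investigating the situation and says it promptly fixed the vulnerability that allowed the phishing page to be created.

  Needless to say, you should be very careful when logging in. Sophisticated phishing attacks have been on the rise recently, and the classic technique of checking a site's URL is no longer as effective as it used to be. When in doubt, go directly to the website you want to visit and navigate to the page you want, or simply type the address into the address bar, which also avoids any underhanded redirect links. It is only common sense, but it can still help protect you.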

  Beware This Dangerously Convincing Apple ID Phishing Scam

  Just 24 hours after the world learned about the dangerously convincing Google Docs phishing scam, a security company revealed a very similar exploit involving the Apple ID log-in screen. And, weirdly enough, it's hosted on EA's website.

  Netcraft explained the scam on its blog on Wednesday. It begins with a legitimate EA.com URL that redirects to what appears to be a legitimate Apple ID log-in screen. But it's not. Once you enter those details, you're taken to a second screen that asks for a host of personal details, including your full name, credit card number (and verification code), date of birth—even your mother's maiden name! When you click okay on that screen, you're redirected to the actual Apple ID home page.

  It's unclear exactly how the hackers behind the phishing scheme are sending people to the EA domain and fake Apple ID log-in page, but it's easy to imagine it being couched in some email about an Apple offer, maybe even something related to EA's many iPhone games. EA, of course, is investigating the situation and claims it has already fixed the vulnerability that allowed the phishing page to be set up in the first place.

 

  Needless to say, you should be very careful about logging in. There's been an uptick in sophisticated phishing attacks lately, and it's obvious that the classic check-the-URL-trick doesn't work as well as it used to. If in doubt, you should always go directly to the website and navigate to the page you want to visit, or simply type the address into the URL bar to avoid any sneaky redirects. Common sense can't hurt, either.