Phishing isn’t new, but it is a form of attack that has continued to evolve. For years, hackers have found more sophisticated ways to infiltrate computers and even cell phones. A recent article from Brian Krebs of KrebsOnSecurity.com highlights the story of an iPhone user who received a text message mimicking Apple’s “Find My Phone” feature.
The iPhone user lost their phone in South Africa. Shortly after, the user received a text message from a number posing as an automated message from Apple’s support team. The message addressed the user by name and stated that the missing phone had been found. The message indicated that the user could view the location of the phone via a link. While the rest of the message was not entirely convincing, the link included two key Apple phrases, “maps” and “iCloud.” While there were other warning signs in the message, a sophisticated-looking link is enough to fool many users.
A closer look at the Russian server that hosted the link in the message shows many other deceptive links. Almost every link included the subdomains “apple” or “iCloud,” followed by a domain name starting with “com-.” The key to spotting links that look real but may lead somewhere else is to find the first forward slash after the protocol prefix (https://) and read what is directly to the left of that slash. For example, if a link looks like this:
https://www.apple.com.example.com/findmyphone/
The link will take the user to “example.com” instead of Apple’s website.
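The same rule can be applied automatically when triaging reported links. The Python sketch below is an added example, not part of the original article; the TRUSTED_DOMAINS and BRAND_LABELS lists and the second sample link (under the reserved “.example” name) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the genuine domains and brand words an organisation cares about.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRAND_LABELS = ("apple", "icloud")


def link_host(url):
    """Return the lowercased host name: the text left of the first slash
    after the scheme, with any ":port" suffix removed."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url):
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = link_host(url)
    # Trusted only when the host IS a trusted domain or ends with
    # ".<domain>", i.e. the trusted name sits directly left of the slash.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    labels = host.split(".")
    # A brand word used as a subdomain of some other domain, or the
    # "com-" domain prefix described in the article, marks a lookalike.
    brand_as_subdomain = any(label in BRAND_LABELS for label in labels)
    com_dash_prefix = any(label.startswith("com-") for label in labels)
    if brand_as_subdomain or com_dash_prefix:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the first is the article's own example.
    samples = [
        "https://www.apple.com.example.com/findmyphone/",
        "https://maps.icloud.com-locate.example/track",
        "https://www.icloud.com/find",
    ]
    for url in samples:
        print(f"{classify_link(url):10} {link_host(url)}")
```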
Sometimes, a domain can redirect to another domain. A phishing target who is suspicious of a link’s authenticity may try to load the base domain into a web browser (which means taking out whatever text is after the forward slash). To ease concerns, the hacker may make this version of the link redirect to a legitimate website. With phishing links looking more and more real, it is more imperative than ever to look for warning signs.
At the end of the day, a user’s best defense against becoming a phishing victim is to avoid anything and everything that seems suspicious. Avoid impromptu and threatening emails. Look for the warning signs in emails while also examining the message as a whole for authenticity. Phishing has been and always will be a threat to businesses, as well as individuals. Talk to a trusted advisor today about steps you can take to protect your organization.