Renowned security expert Brian Krebs shared information on a massive phishing scheme targeting iPhone users.
With the help of at least 146 domain names, the Russia-based criminal ring attempted to steal credentials from users whose iPhones had been stolen.
“Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone — just by visiting Apple’s site and entering their iCloud username and password.
Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim’s stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services.”
The phishing scheme used legitimate-looking domains, such as findmyapple.store, www-sms-apple.com, appple.pw and others, to lead iPhone owners into surrendering their iCloud credentials, thus giving the hackers the ability to remotely control the stolen devices.
While the majority of the domains were hosted on Russian servers, the owners of the phishing network appear to be from Central and South America.
Read the full article, titled “If Your iPhone is Stolen, These Guys May Try to iPhish You” at Krebs on Security.