The last two weeks have seen a significant spike in the number of phishing sites on the web targeting Apple IDs, according to Trend Micro's Security Intelligence Blog (via The Next Web). The blog pointed out on Tuesday that the newest trend appears to involve compromising a site and adding the phishing pages to a folder named ~flight. The files in the folder display a page designed to look like a login page for Apple's services, encouraging the user to enter an Apple ID, credit card security code, and password.
The second part of the phishing attack relies on spam emails urging the recipient to submit their information for an "audit" lest their account expire in 48 hours. The email, designed to somewhat resemble an actual communication from Apple, links to the phishing page and prepares them to give up their login information.
Trend Micro has identified 110 compromised sites, all hosted at the IP address 18.104.22.168. That address is registered to a Houston-area ISP, and almost none of the sites affected have been cleaned.
As Apple IDs are typically tied to their owners' credit cards, the security surrounding them is quite important. Apple recently gave users the option to enable two-factor authentication for their Apple IDs, making it necessary to verify a user's identity before changing account options, getting Apple ID-related support from Apple, or making purchases from a new device. Trend Micro recommends that users enable this option for added protection.
This newest scam is just the latest in a line of phishing attacks targeting Apple customers. In 2011, another well-crafted phishing scam similarly encouraged users to give up their data, saying that their billing information records were "out of date." A 2008 scam targeted MobileMe users, citing an "important" billing problem. Apple for years now has been building anti-phishing measures into its Safari browser, and improving iTunes account security. Internet Explorer, Chrome, and Firefox also have anti-phishing measures built in.