or Connect
AppleInsider › Forums › General › General Discussion › Phishing scam takes advantage of Apple Dev Center downtime
New Posts  All Forums:Forum Nav:

Phishing scam takes advantage of Apple Dev Center downtime

post #1 of 14
Thread Starter 
Reports of phishing emails seeking Apple ID passwords have been making the rounds, with the fraudulent messages leveraging perceived concerns over the extended downtime of Apple's developer website to gain access to sensitive user data.

Phishing


Like past scams looking to grab passwords from unsuspecting Apple customers, the most recent volley of phishing emails, first noticed by ZDNet, take on the guise of relatively official looking correspondence.

Taking advantage of Apple's ongoing developer center downtime, the phishing emails ask users to reconfirm their accounts to avoid "fraudsters" from stealing sensitive information.

The latest attempts are less convincing than previous phishing schemes, with poor grammar and punctuation, the most glaring mistake being the missing capital letter "A" in "Apple." As with most nefarious emails attempting to secure sensitive user data, these Apple-related mailings direct users to a supposed password reset page.

Apple on Sunday announced on its developer website, which at the time had been down for three days, that the Dev Portal was compromised by an intruder. The company has since created a system status webpage to keep developers apprised of the latest updates.

It remains unclear who was responsible for the reported intrusion. A security researcher named Ibrahim Balic came forward on Monday, saying his actions led to Apple's take down decision, but the veracity of the claims have yet to be proven.

According to Apple's system status page, only iTunes Connect and Bug Reporter, which was not affected by the downtime, are currently operational.
post #2 of 14
Hopefully the average Apple Developer is smart enough to see through such crap.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
post #3 of 14
Wow. Now you see, kids? This is why you should pay attention to grammar in school. No one believes an idiot.
post #4 of 14
Quote:
Originally Posted by grblade View Post

Wow. Now you see, kids? This is why you should pay attention to grammar in school. No one believes an idiot.

This is a most excellent post.

post #5 of 14

A fool cannot be protected from themselves...

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #6 of 14

I was in a Taco Bell yesterday. There was a guy sitting in the restaurant working on his computer. Taped (white label with black text) on the bezel of the screen, in very large letters, was his user id AND password... for all to see. This is what we're dealing with.

post #7 of 14

Broken English and doesn't capitalize the A in Apple.  Seems legit.  lol.gif

post #8 of 14
I don't see how this has to do with the Dev Center downtime at all. Did someone recently steal a list of developer emails, and is targeting developers specifically? That would be news if so, and ZDNet implies it but never states it directly--probably because there's no evidence for any such thing.

This email doesn't even hint at the Dev Center issue--or even hint at developers at all. It sounds like more of the same-old AppleID phishing that has existed for years. It's aimed at everyday ignorant users (they kind that never heard of the Dev Center and don't know it's been down anyway).

What would be more newsworthy is if this same-old kind of phishing did NOT keep happening at the present time! That would have been weird.

Seems like AI is repeating a straight-up trollfiction from ZDNet.

"Taking advantage of Apple's ongoing developer center downtime"... How? How are they taking advantage of anything to do with the developer center? Evidence? Journalism?

Hey, it's all good ad bait.
post #9 of 14
Quote:
Originally Posted by lkrupp View Post

I was in a Taco Bell yesterday. There was a guy sitting in the restaurant working on his computer. Taped (white label with black text) on the bezel of the screen, in very large letters, was his user id AND password... for all to see. This is what we're dealing with.

If it's not on the bezel look at the bottom of laptops. At the office, it's usually on a post-it, stuck on the monitor. Other times it's on the back of the keyboard.
I’d rather have a better product than a better price.
Reply
I’d rather have a better product than a better price.
Reply
post #10 of 14
I hear pencil1 should do the trick.
post #11 of 14
Quote:

 

Originally Posted by grblade View Post

Wow. Now you see, kids? This is why you should pay attention to grammar in school. No one believes an idiot.
 
 
Not only can they not check their grammar, they can't check their audience. A phishing scheme targeting software developers seems doomed to fail.
post #12 of 14
Quote:
Originally Posted by nagromme View Post

I don't see how this has to do with the Dev Center downtime at all. Did someone recently steal a list of developer emails, and is targeting developers specifically? That would be news if so, and ZDNet implies it but never states it directly--probably because there's no evidence for any such thing.

This email doesn't even hint at the Dev Center issue--or even hint at developers at all. It sounds like more of the same-old AppleID phishing that has existed for years. It's aimed at everyday ignorant users (they kind that never heard of the Dev Center and don't know it's been down anyway).

What would be more newsworthy is if this same-old kind of phishing did NOT keep happening at the present time! That would have been weird.

Seems like AI is repeating a straight-up trollfiction from ZDNet.

"Taking advantage of Apple's ongoing developer center downtime"... How? How are they taking advantage of anything to do with the developer center? Evidence? Journalism?

Hey, it's all good ad bait.

Another excellent point.

post #13 of 14
Quote:
Originally Posted by nagromme View Post

I don't see how this has to do with the Dev Center downtime at all. Did someone recently steal a list of developer emails, and is targeting developers specifically? That would be news if so, and ZDNet implies it but never states it directly--probably because there's no evidence for any such thing.

This email doesn't even hint at the Dev Center issue--or even hint at developers at all. It sounds like more of the same-old AppleID phishing that has existed for years. It's aimed at everyday ignorant users (they kind that never heard of the Dev Center and don't know it's been down anyway).

What would be more newsworthy is if this same-old kind of phishing did NOT keep happening at the present time! That would have been weird.

Seems like AI is repeating a straight-up trollfiction from ZDNet.

"Taking advantage of Apple's ongoing developer center downtime"... How? How are they taking advantage of anything to do with the developer center? Evidence? Journalism?

Hey, it's all good ad bait.

You're right! I read that and assumed it had been sent to Dev members only (why else would AI infer the connection) ... but they'd have needed the list of who is a Dev to do that wouldn't they ... DUH! It is indeed totally generic and now you mention it, has it not done the rounds before?
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
"Google doesn't sell you anything, they just sell you!"
Reply
post #14 of 14

Yeah--almost seems like someone at ZDNet really was slobbering over the hope that this would be a bigger Apple scandal... Panic in Cupertino! Developers targeted with malware and phishing! Instead, it seems like the issue was caught in time, and the end result so far is nothing more than downtime, during which it sounds like new systems are being put up--more than just fixing this issue, and thus probably stuff that has been in the works a while. Maybe worse will emerge: the original hacker doesn't sound above-board. But he also doesn't sound likely to mount an attack or sell dev emails--which, last I heard, he might or might not even have.

 

Downtime alone is a big headache for these developers, but ZDNet wanted to find real blood in the water... and when they didn't, I guess they thought they'd invent the smell of it, by falsely connecting an unrelated (and ancient, and minor) story? Another day in tech "journalism."

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Phishing scam takes advantage of Apple Dev Center downtime