
Apple IDs targeted in phishing scam through hacked Electronic Arts servers

post #1 of 12
Thread Starter 
The servers of video game publisher Electronic Arts have apparently been compromised, with a new phishing page set up with the intent of stealing Apple ID usernames, passwords, and credit card information.




Two websites using the ea.com domain used to host calendars have been hacked, and are being used to host a phishing site that appears identical to Apple's own website. The new phishing attempt was exposed on Wednesday by security research firm Netcraft.

On the page, users are asked to sign in with their Apple ID and accompanying password, though the page itself is hosted on ea.com. After a person enters their information, a second page asks for full name, credit card number, expiration date, verification code, date of birth, phone number, mother's maiden name, and other information.

Once a user has been tricked into submitting their details, they are redirected to the actual Apple ID website, in an attempt to play the theft off as legitimate.

Netcraft was able to verify that the compromised server is hosted within EA's own network, and that the hacker who implemented the attack has installed and executed PHP scripts on EA's server.

Apple ID login credentials are a common target for hackers, as the information is used to access a variety of content offered by Apple from the App Store and iTunes.


Apple's Safari verifies a legitimate, secure login page.


As of last year, it was estimated that Apple has an account base of more than 500 million users with active credit cards tied to their Apple ID. That makes Apple's user base one of the largest and fastest growing groups among technology companies, second only to Facebook.

Social engineering techniques, such as phishing scams that appear to present a legitimate website, are one of the most successful ways for nefarious hackers to steal users' personal and financial information. Websites such as the one illegally hosted on EA's servers attempt to dupe unsuspecting users into handing over usernames, passwords, credit card information and more.

Presenting login forms under the "trusted" name of a brand such as Apple is another common practice in online phishing attempts. Users should always check that the URL of the current page they are visiting is associated with the service they believe they are logging into, and modern browsers such as Apple's Safari will also offer visual indications that the current website is legitimate, certified and secure.
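
The URL check recommended above can be made mechanical. The following JavaScript is an added example, not part of the original article: it contrasts a "does the URL mention the brand" test with a check on the parsed host, and the trusted-domain list and all sample URLs are constructed for illustration.

```javascript
// Added example. TRUSTED_DOMAINS and every sample URL below are constructed
// for illustration; they are not taken from the phishing campaign itself.
const TRUSTED_DOMAINS = ["apple.com"];

// Weak check: "does the URL mention the brand?" Any host can satisfy it.
function naiveCheck(rawUrl) {
  return rawUrl.includes("apple.com");
}

// Stricter check: parse the URL and compare the real host on a dot boundary.
function checkLoginUrl(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not HTTPS" };
  // Text before "@" is userinfo, not the host: apple.com@ea.com loads ea.com.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Exact match or true subdomain only; "notapple.com" must not pass.
  const ok = trusted.some((d) => host === d || host.endsWith("." + d));
  return { ok, host, reason: ok ? "host under trusted domain" : "host not under trusted domain" };
}

const SAMPLES = [
  "https://appleid.apple.com/",                    // genuine sign-in host
  "https://compromised-host.ea.com/apple.com/id/", // brand name only in the path
  "https://appleid.apple.com.ea.com/signin",       // brand as a subdomain label
  "https://appleid.apple.com@ea.com/signin",       // brand in userinfo
  "https://notapple.com/",                         // suffix without dot boundary
  "http://appleid.apple.com/",                     // right host, no TLS
];

// Run both checks over the samples so the disagreement is visible per URL.
function report(samples = SAMPLES) {
  return samples.map((u) => ({ url: u, naive: naiveCheck(u), ...checkLoginUrl(u) }));
}

for (const r of report()) {
  console.log(`${r.ok ? "ALLOW" : "BLOCK"} naive=${r.naive} ${r.url} (${r.reason})`);
}
```

The naive test accepts all six samples, while the parsed-host check allows only the first.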
post #2 of 12

EA continues their pioneering trend of being loathsome in every form imaginable.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
post #3 of 12

EA has been too busy with their release of Titanfall to be bothered with such stuff I suppose :) Did the hackers manage to get anyone to put in their Apple ID in there?

post #4 of 12
Quote:
Originally Posted by AppleInsider View Post

That makes Apple's user base one of the largest and fastest growing groups among technology companies, second only to Facebook.

People leave their CC info at FB? For what? Can you buy something over at FB? Pro membership or something?
I’d rather have a better product than a better price.
post #5 of 12

People leave their CC info at Apple ID account? Why? Just buy cash cards at Fry's when they're on sale.

post #6 of 12

A fool and his money are soon parted....

Really, how many times do people have to be told: never ever click on any links in an email, go to the actual website and log in. How hard is that to remember?

post #7 of 12
It's not just EA. My mother emailed me about this scam last week, asking if it was legit or not. Take a good look at the address bar:




The scary thing is the email that included the link to the page was titled "You iOS device was recently used to purchase "World War Z."" She had just downloaded the book and movie a week prior, which almost led her to fill the info out. Thankfully she remembered the lecture I gave her and my dad about sites like this that ask for credit card info, and to always look for the little padlock symbol in the address bar before putting in CC info. That's when she noticed the "CreativeMedia" address.

I've seen plenty of phishing scams, but this one was pretty good.
post #8 of 12

I hope this gets counted by analysts as a case where iOS is insecure.

 

 

I mean, poor Android. Looks so alone in those malware figures.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

post #9 of 12

Did the article say people were leaving their CC info with FB? All they were comparing were the number of users of each tech company.

post #10 of 12
Quote:
Originally Posted by Tallest Skil View Post
 

EA continues their pioneering trend of being loathsome in every form imaginable.


I wouldn't say they're the pioneers of that trait. That would be Samsung. :/

post #11 of 12
Quote:
Originally Posted by ipen View Post

People leave their CC info at Apple ID account? Why? Just buy cash cards at Fry's when they're on sale.

You don't even have to enter a code anymore, just hold it up for the camera.

At the moment they are 20% off at Coles express or two $A20 vouchers for $30 at a shop a couple of doors down from where I work.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
post #12 of 12
Quote:
Originally Posted by Emes View Post


I wouldn't say they're the pioneers of that trait. That would be Samsung. :/

Sony...

Root kit...

...'nuff said.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.