Cyber Crisis – EA Servers Used to Phish Apple IDs

Sections of this topic

    Example of how the cybersecurity issues of others can quickly become your own

    As cybercrime becomes ever more lucrative, hackers are seeking to attack specific targets in any way possible. In a reminder of the reality that, even if your systems are secure, there are ways for criminals to target your customers from other angles, it appears a server belonging to EA Games is actually being used to steal personal information from Apple ID users.

    Information security firm Netcraft discovered the situation, and shared details on its blog:

    An EA Games server has been compromised by hackers and is now hosting a phishing site which targets Apple ID account holders.

    The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several security vulnerabilities which have been addressed in subsequent releases.

    The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

    You can only imagine the kind of access a hacker would have with all of this information, and considering the phishing site looks and behaves much like the real Apple page, who do you think the average user is going to be upset with when they find their information’s been stolen and used to wreack as much financial havoc as possible across the web?

    There is only so much you can do to protect your organization and stakeholders from truly zealous cyber criminals. Data theft, phishing, and exposure of personal information are just a few of the very real possibilities, and as you can see from this case, the attack could come from very unexpected places.

    Stomach the thought that you could very well be the next victim, prepare to react, and you’ll mitigate the potential damage that much faster when the threat does come. It’s that simple.

    P.S. Never, ever let a website store your credit card data. Some of the allegedly most-secure servers in the world have been the target of credit card and identify theft.

    ——————————-
    For more resources, see the Free Management Library topic: Crisis Management
    ——————————-

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]