phish scam

As most of you know, Apple’s Developer Center has been offline for going on 7 days now. The company posted an update to the situation yesterday, outlining when services will be available, but it’s still not clear when the portal will be fully functional again.

The breadth of the outage is far-reaching—Apple has hundreds of thousands of app developers worldwide. So it’s no surprise that some not-so-nice people have decided to exploit the situation by sending out malicious emails, pretending to be the company…

The email, sent out to thousands and first posted by ZDNET, reads:

“Dear Apple Customer,

To get back into your apple account, you’ll need to confirm your account. It’s easy: Click the link below to open a secure browser window. Confirm that you’re the owner of the account and then follow the instructions.

Update Now

Before log in your account will be Confirmed, let us know right away. Reporting it is important because it helps us prevent fraudsters from stealing your information. Yours sincerely, apple.”

The email portrays itself as a letter of authorization from Apple, asking iTunes users to ‘confirm’ their login information to regain access to their accounts. While admittedly, it’s better than the “wealthy prince in Africa” stories, it’s still easy to identify it as a fake.

For starters, the wording isn’t very Apple-like and there are a number of grammatical errors—notice how Apple isn’t capitalized. ZDNET also notes that the site the email points you to, where it asks you to enter your credentials, is not a legitimate Apple domain.

phishing scam

Phishing attacks like this are a relatively easy way for someone to steal your data. Users click on a malicious email, which they believe to be from a reputable source, opening their system up to attack. This can install malware or pull login info, depending on the bug.

And according to Security firm Kaspersky Lab, there has been a dramatic increase in the last 6 months of phishing scams targeted at Apple users. For example, it detected 1 million attacks in one day, in December of last year, following an international iTunes launch.

So as a rule of thumb, always double and triple check emails that ask for sensitive information. Most companies won’t even do it, unless they’ve explicitly told you they were going to. Apple developers, you can check here for the latest info on the dev center status.