Some time ago I was writing a tutorial in which I looked How two-factor authentication can be disabledi For your Apple account. Apple ID Or your account iCloud As it is called more popular. We do not encourage you to do this because you risk being left without Apple accounts. To better understand what an Apple / Apple ID account means, we are just saying a few things that anyone with the password for this account would have access to. Account being composed From an email address used to sign up and The associated password)
By default, you can not use an iPhone, iPad, iPod or Mac unless you have an Apple ID. It is the account you are asked to create when you are IPhone for the first time Or other Apple device. With this account (email address and password) you have access to all data stored by your devices in Apple iCloud: mails, pictures, notes, Calendar notes, reminder. For Mac users, folders desktop si Documents Are synced into your account to be accessed from anywhere, if you have the Apple account user and password. Besides these data, there are few users who have added Bank card data In your Apple account. There's nothing wrong with this. That's how it can be Bought games, applications si Music from App Store si iTunes. This would be a part of the data that anyone with your Apple email address and password would have access to.
The problem is that Apple has developed and increased the service usage Pay Apple Through which they can be done Pay online for online stores And off-line payments, the interest of hackers for iCloud accounts has increased greatly.
Today I received at least a worrying mail. Lately, we have heard of the celebrations cyber attacks In which emails and emails were targeted Bank accounts, By the method known as "Phishing scam"- Electronic deception. Every time I say that if the user knows where to look when he receives a mail, Will be fully protected. The prevention method involves a little "paranoia". Let's look every time in the header of the message we received, check the address from which the message was sent and the URL of the webpage that we are urged to enter accounts, password, or other sensitive data.
Here's how a phishing message looks like asking me to log in to your Apple account urgently using your email address and password under threat as otherwise Apple's account will be blocked.
Your account has been locked, To continue using your account please update your information by clicking the link below so we know this account is yours. Once you have updated it, you can continue using the account again to receive and send payments. Once you have updated it, you can continue using the account again to receive and send payments.
Log In Apple
Apple Support "
The link I'm invited to authenticate leads to a web page identical to Apple's official one. What's more interesting is that it has SSL certificate (Locked) that is a secure connection. The only thing I can figure out is abnormal is the URL, which is not Apple.
Phishing scam page
Apple's official website
It looks like, is not it? :)
As technical details, the mail was Sent from an IP of Google Inc. And passed the filters successfully Anti-spam and anti-phishing But Microsoft. The message was received on an @ live.com email address.
How can we protect our Apple ID and personal data stored in Apple iCloud
In the scenario where you dropped into the net and you entered The email address and password associated with your Apple ID, The only thing that can really save you is to have it Enabled two-factor authentication.
Two-Factor Authentication Can be enabled from Apple's account under security settings. Then every time you enter your password on another Apple device you will receive an authorization code of the 6 digits needed for authentication.
There is also the possibility that this code is received via SMS.
This authentication method is implemented by more and more online services that require additional security. Especially those involving the use of a credit card. This year 3D secure passwords generated by tokens for online shopping have been removed, banks opting for this code to be sent via SMS to the cardholder's phone number.