Some time ago I was writing a tutorial in which I looked How two-factor authentication can be disabledi for the account Apple. Apple ID Or your account iCloud as it is called more popular. We do not encourage you to do this, as you risk running out of accounts Apple. To better understand what an account means Apple / Apple ID, in the following we tell you just a few things that someone who would have the password for this account would have access to. The account being composed From an email address used to sign up and The associated password)
By default, you cannot use an iPhone, iPad, iPod or a Mac if you do not have one Apple ID. It is that account that you are required to create when IPhone for the first time or other device Apple. Through this account (email address and password) you have access to all the data stored by your devices in Apple iCloud: mails, pictures, notes, Calendar notes, reminder. For Mac users, folders Desktop si Documents they are synchronized in the account so they can be accessed from anywhere, if you have the user's password and account Apple. Besides these data, there are few users who have added Bank card data account Apple. There's nothing wrong with that. Only I can be Bought games, applications si Music from App Store si iTunes. These would be part of the data that someone with access to your email address and account password would have access to. Apple.
The problem is as of when Apple developed and expanded the area of service use Apple Pay Through which they can be done Pay online for online stores And off-line payments, the interest of hackers for iCloud accounts has increased greatly.
Today I received at least a worrying mail. Lately, we have heard of the celebrations cyber attacks In which emails and emails were targeted Bank accounts, by the method known as “Phishing scam"- Electronic deception. Every time I say that if the user knows where to look when he receives a mail, Will be fully protected. The prevention method involves a little "paranoia". Let's look every time in the header of the received message, to check the address from which the message was sent and the URL of the web page on which we are urged to enter our accounts, password or other sensitive data.
Here's what a phishing message looks like in which I am asked to sign in to my account urgently Apple using the email address and password under threat as otherwise your account Apple it will be blocked.
"Dear [email protected],
Your account has been locked, To continue using your account please update your information by clicking the link below so we know this account is yours. Once you have updated it, you can continue using the account again to receive and send payments. Once you have updated it, you can continue using the account again to receive and send payments.
Log In Apple
Apple Support "
The link I am invited to authenticate leads to a web page identical to the official one Apple. What is more interesting is that it has SSL certificate (the lock) which attests to a secure connection. The only thing I can figure out is something abnormal, is the URL, which is not a Apple.
Phishing scam page
Official page Apple
It looks like, is not it? :)
As technical details, the mail was Sent from an IP of Google Inc. And passed the filters successfully Anti-spam and anti-phishing But Microsoft. The message was received on an @ live.com email address.
How can we protect ourselves? Apple The ID and the personal data stored in the account Apple iCloud
In the scenario where you dropped into the net and you entered e-mail address and password for the account Apple ID, The only thing that can really save you is to have it Enabled two-factor authentication.
Two-Factor Authentication can be activated from the account Apple under the security settings. Then each time you enter the password, on another device Apple you will receive an authorization code from 6 digits, required for authentication.
There is also the possibility that this code is received via SMS.
This authentication method is implemented by more and more online services that require additional security. Especially those involving the use of a credit card. This year 3D secure passwords generated by tokens for online shopping have been removed, banks opting for this code to be sent via SMS to the cardholder's phone number.