The attempt comes via email, posing as an “Apple ID Information Updated” notification from the Cupertino giant:
Subject: Account Info Change
The following information for your Apple ID [email address removed] was updated on 04/11/2013:
Shipping and/or billing address
If these changes were made in error, or if you believe an unauthorised person accessed your account, please reset your account password immediately by going to [link removed].
To review and update your security settings, sign in to [link removed].
This is an automated message. Please do not reply to this email. If you need additional help, please visit Apple Support.
Apple Customer Support
Those who mistake it for a legitimate email and follow the offered link are taken first to a bogus Apple login page, and then to another one containing a form that apparently needs to be filled with account and credit card details.
Needless to say, the shared information ends up in the hands of the phishers, and they will use it for fraudulent purposes.
“Like other high-profile Internet companies, Apple is regularly targeted by phishing scammers,” notes Hoax-Slayer, and adds: “Be wary of any unsolicited message from Apple that claims that you must provide login details and account information by clicking a link or opening an attached file.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.