Some ingenious hackers decided to put an Apple ID phishing site where users would least expect to find it: on a trusted website such as EA.com, Internet security firm Netcraft has discovered. As a result of the breach, unsuspecting EA customers were redirected to the fake Apple site – which looks just like the real thing, by the way – and lured into giving away their Apple ID credentials.
Once these details are filled in, the user is prompted to verify full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name and other details that could be useful to the attacker. Even more interesting, once these details are also submitted, the user is sent to Apple’s actual Apple ID website, never realizing he or she has entered personal data into a phishing site in the first place.
In addition to hosting this Apple ID phishing site, EA Games is also under attack by hackers who want to steal Origin credentials.
Netcraft says it has blocked access to all phishing sites discovered and notified EA Games about them, but the phishing content was apparently still online at the time it published its post on Wednesday. It’s not clear, though, whether any Apple customers were affected by this phishing scam.
A screenshot showing the phishing site hosted on EA’s servers follows below.