updated 01:44 pm EDT, Wed May 1, 2013
Targeted sites narrowed down to Houston IP address
The people responsible for a new Apple ID phishing scam have compromised 110 websites, says security firm Trend Micro. All of the sites are hosted on a specific IP address, 188.8.131.52, which is registered with an ISP based in Houston, Texas. "Almost all of these sites have not been cleaned," Trend Micro remarks.
The firm notes that the criminals behind the act are targeting not just Americans but also British and French Internet users. Some of the phishing attempts ask not only for an Apple ID, but also other personal information such as billing addresses and credit card numbers. Victims are told that the information is needed to restore access to Apple services, but in truth it's being stolen by unknown parties.
The culprits appear to be foreign, as a sample phishing email shows extremely poor grammar. Trend Micro points out that this and inconsistent domains in email addresses and web links should make it easy to spot phishing attempts. In some countries, Apple's two-step verification for account changes should prevent Apple IDs from being hijacked.