One of the biggest reasons Apple users need to beware of phishing attacks is that compromised iCloud accounts are among the most valuable of those traded on the dark web at $15 per account.<\/p>\n
![](\"https:\/\/images.idgesg.net\/images\/article\/2018\/03\/blue-abstract-password-and-login_access_security_internet-100751583-large.3x2.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Jonny Evans| Date: Wed, 07 Mar 2018 03:59:00 -0800<\/strong><\/p>\n One of the biggest reasons Apple users need to beware of phishing attacks is that compromised iCloud accounts are among the most valuable of those traded on the dark web at $15 per account.<\/p>\n Think about the value of your Apple ID data: Not only is your account the golden portal into all your personal data, but it unlocks all manner of other valuable items: credit card details, online purchasing, passwords for your websites and more.<\/p>\n That\u2019s why every Apple ID user really should think about the value of the data they are trying to protect and create tough alphanumeric passcodes, even if they do need to spend significant time memorising those codes.<\/p>\n It is interesting to note that other than banking and financial service IDs, a hacked Apple account is the most valuable single account traded on the dark web. It’s just ahead of a Macy’s account.<\/p>\n You\u2019ll find online bank details trading at an average $160, PayPal logins around $250, and passport details trading at $60. All these forms of data can help hackers break into your private accounts, enabling effective attempts at identity theft.<\/p>\n These insights come from a U.S. study from Virtual Private Network (VPN) comparison service Top10VPN.com<\/a>, who reviewed tens of thousands of listings on popular dark web markets, Dream, Point and Wall Street Market.<\/p>\n The high value of an Apple ID also reflects the wealthier demographic of Apple users, the value of the wealth of associated data in iCloud, and the attachment of payment details to these accounts.<\/p>\n These may seem cheap, but (in the hacker\u2019s mind) they are taking a gamble as not every set of details will be accurate, though Apple ID tends to be more accurate (when sold).<\/p>\n All the same, even at $15, \u201cthe risk of the data being worth nothing to the scammer is \u2018baked in\u2019,\u201d the company told me in an email.<\/p>\n Simon Migliano, Head of Research at the company, warns:<\/p>\n \u201cThere\u2019s a real concern that with such valuable information changing hands so cheaply, there\u2019s nothing to prevent would-be fraudsters from buying up much as they can in the hope of striking it lucky and draining victims\u2019 bank accounts and credit lines.”<\/p>\n It\u2019s not just the obvious scams like bank fraud and ID theft.<\/p>\n \u201cA hacked Airbnb account, for example, could allow a scammer to pocket hundreds in booking fees or even stay at high-end properties as a guest and burglarise the hosts. At less than $8 initial outlay, that\u2019s very appealing to a cybercriminal,\u201d Migliano said.<\/p>\n Apple users need to understand that even though they are using the world\u2019s most secure consumer platforms, their information remains valuable to cybercriminals.<\/p>\n They must also understand that while an Apple existence is relatively free of the regular deluge of malware, dodgy app downloads and other threats experienced on other platforms, threats still exist.<\/p>\n Ultimately, users are the biggest cross-platform security weakness you\u2019ll find.<\/p>\n That\u2019s why Apple is introducing new privacy protection and anti-phishing<\/a> tools in iOS 11.3 and macOS 10.13.4.<\/p>\n These tools aim to warn users when we find ourselves entering confidential data in phoney websites in response to (for example) convincing seeming email requests.<\/p>\n While for most of us those requests are annoying, scammers know that if only one person enters full account details in response to them they can sell those details for fifteen dollars a pop \u2013 victims may not even know they have been scammed until some other party raids their account using those purchased details.<\/p>\n In response to recent wave of App Store related phishing frauds, Apple recently published informatio<\/a>n to help users protect themselves against phishing and other forms of online fraud.<\/p>\n This explains how to identify a real email from Apple. It also advises users of what details Apple never requests, such as SSI numbers, mother\u2019s maiden names, credit card numbers of CCV codes \u2013 if those are requested an email is almost certainly fraudulent.<\/p>\n It also recommends that rather than accessing your account using links in an email, users should access their accounts using a web browser and a typed URL or in Settings\/Preferences on their device.<\/p>\n You should also use two-factor authentication.<\/p>\n The researchers put it like this:<\/p>\n \u201cOur research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money. This really underlines the importance of two-factor authentication and more generally, secure use of websites and apps.\u201d<\/p>\n Google+?<\/strong>\u00a0If you use social media and happen to be a Google+ user, why not\u00a0join\u00a0AppleHolic’s Kool Aid Corner community<\/a>\u00a0and get involved with the conversation as we pursue the spirit of the New Model Apple?<\/p>\n Got a story? Please\u00a0<\/strong>drop me a line via Twitter<\/a>\u00a0and let me know. I’d like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.<\/p>\n