After reports emerged from China detailing a sophisticated iCloud phishing attack, Apple has posted instructions on its support pages to help users figure out whether they’re actually on the real iCloud page, or on a fake page meant to steal iCloud credentials from unsuspecting victims. Additionally, Reuters reports, Apple CEO Tim Cook on Wednesday met with China’s vice premier Ma Kai to discuss personal data security.
According to Greatfire’s initial report, a Chinese firewall had blocked all connections to iCloud.com, directing the traffic instead to a dummy site that mimicked Apple’s login page for the service. The same group later told Reuters that Apple rerouted traffic on Tuesday in an effort to circumvent the hack.
“Apple is deeply committed to protecting our customers’ privacy and security,” Apple wrote on its support pages. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”
Apple continued, “The iCloud website is protected with a digital certificate. If users get an invalid certificate warning in their browser while visiting http://www.icloud.com, they should pay attention to the warning and not proceed. Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify that they are connected to the authentic iCloud website, users can check the contents of the digital certificate as shown below for Safari, Chrome, and Firefox—each of which provides both certificate information and warnings.”
The same page also carries instructions on how to spot fake Apple pages trying to obtain login credentials from unsuspecting users; the full document, complete with images, is available at the source link.
Meanwhile, the Chinese government has strongly denied the claim that it’s involved in this particular data collection scheme.
Cook and Ma Kai spoke about the “protection of users’ information,” but also about “strengthening cooperation in information and communication fields,” according to the report.