Recent reports of iCloud phishing attempts in China illustrate just how important it is to always verify that you’re logging into legitimate websites before you enter your precious passwords.
To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.
“Apple is deeply committed to protecting our customers’ privacy and security,” said the company. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”
Phishing, or performing a “man-in-the-middle” attack, can easily go unnoticed by the untrained eye. That’s why Apple wants to make it clear that iCloud.com is protected by a “digital certificate.” Whenever another site tries to impersonate it, an “invalid certificate warning” will display in Safari. Apple’s support document also lays out how to see if you’re safe in Google Chrome and Firefox.
If you heed these warnings, you will be protected. According to the watchdog group GreatFire, many of the phished users in China were using the Chinese browser Qihoo, which does not warn when a certificate is not legitimate.