Phishing scam takes advantage of Apple Dev Center downtime

article thumbnail

Reports of phishing emails seeking Apple ID passwords have been making the rounds, with the fraudulent messages leveraging perceived concerns over the extended downtime of Apple's developer website to gain access to sensitive user data.

Like past scams looking to grab passwords from unsuspecting Apple customers, the most recent volley of phishing emails, first noticed by ZDNet, take on the guise of relatively official looking correspondence.

Taking advantage of Apple's ongoing developer center downtime, the phishing emails ask users to reconfirm their accounts to avoid "fraudsters" from stealing sensitive information.

The latest attempts are less convincing than previous phishing schemes, with poor grammar and punctuation, the most glaring mistake being the missing capital letter "A" in "Apple." As with most nefarious emails attempting to secure sensitive user data, these Apple-related mailings direct users to a supposed password reset page.

Apple on Sunday announced on its developer website, which at the time had been down for three days, that the Dev Portal was compromised by an intruder. The company has since created a system status webpage to keep developers apprised of the latest updates.

It remains unclear who was responsible for the reported intrusion. A security researcher named Ibrahim Balic came forward on Monday, saying his actions led to Apple's take down decision, but the veracity of the claims have yet to be proven.

According to Apple's system status page, only iTunes Connect and Bug Reporter, which was not affected by the downtime, are currently operational.