Apple ID password scam attacks thousands of email accounts

Thousands of people with iPhones, iPads and other Apple devices are targets of a new round of email spam that could mean big trouble if you respond.

It's a phishing scam, involving fake emails designed to make you think there's an issue with your Apple ID password.

The emails appear to mimic the alert you get when you reset your Apple ID password, but these alerts are unsolicited. And, unlike other phishing scams we've warned about, the scammers behind this attack are hitting businesses email lists as well as personal email.

Technology experts at Fisher Plaza say one objective appears to be getting your password- to take over your Apple accounts.

"Attack your iPhones, your iPads. They have a lot of control over your Apple devices if they get in to your Apple ID," explained Fisher IT Tech Andrew Baker.

According to Chet Wisniewski, with the IT Security firm SOPHOS, the Apple ID spam started hitting computers late Monday. Wisniewski is in Seattle for an internet security conference.

He sent some of the scam emails we received to his research lab in Vancouver, BC. A quick analysis revealed more bad news. As suspected, the links take you to a fake website, but your password is not the only objective.

"This website has been rigged up with all kinds of booby traps, in essence, trying to find bugs in the software on your computer with a virus," Wisniewski said.

If you get the email at work, do not open it. Forward it to your IT team as malicious spam. If you get it at home, delete it immediately. When you hold your mouse over the links on the fake Apple email, you'll see they're actually hiding the domains of websites around the world that have been hacked- and used to carry out the scam.

"We've seen things that can instruct your computer to attack other people's websites. We've seen things that are designed to lay dormant until you're logging into your online banking account," Wisniewski warned.

And remember, the worst thing you can do with any spam you get is click on a link.

A spokeswoman could not respond to this scam specifically but acknowledged it's a phishing attack and the emails are not from Apple. She referred me to the company's website dedicated to helping you avoid falling for phishing scams that claim to be from Apple.