If you are an iOS gamer who uses EA’s games then you should read this carefully. A phishing attack has been discovered on EA’s official website that redirects users to a fake My Apple ID page. This page that looks convincingly real due to being identical to Apple’s real page asks for sensitive information from the user that includes First and last name, mothers maiden name, email address, date of birth and more importantly the credit card details including the verification code.
Here’s an excerpt from NetCraft’s article that exposed the scam.
The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website athttps://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
After user has entered all of this information the fake website redirects to the real Apple website, preventing user from getting suspicious. Oddly enough the hack is being hosted on EA.com, which is a big games publisher with many popular titles for iOS.
EA is said to be investigating the issue so we expect that the hack will be removed soon. Until then avoid going to EA’s website and giving away sensitive details. It is worth mentioning here that you should always check the URL of the page before giving away your credit card details no matter which website you are on. [Gizmodo]