Security firm FireEye has found malicious phishing campaigns targeting Apple iCloud users through the use of phony Apple domains.
FireEye has reported that since January this year, several phishing campaigns have targeted the Apple IDs and passwords of Apple users in China and the United Kingdom.
An Apple ID is provided to all of Apple's customers, allowing users access to services such as iCloud, the iTunes Store, and the App Store. According to FireEye, anyone with access to an Apple ID, password, and some additional information, such as date of birth and device screen lock code, can completely take over the device and use the credit card information to impersonate the user and make purchases via the Apple Store.
One of the phishing kits found by FireEye, named zycode, targeted Apple users in China by mimicking over 30 Apple domains, appearing as an Apple login interface for Apple ID, iTunes, and iCloud designed to lure people into submitting their Apple IDs.