Just 24 hours after the world learned about the dangerously convincing Google Docs phishing scam, a security company revealed a very similar exploit involving the Apple ID log-in screen. And, weirdly enough, it’s hosted on EA’s website. Netcraft explained the scam on its blog on Wednesday. It begins with a legitimate EA.com URL that redirects to what appears to be a legitimate Apple ID log-in screen. But it’s not. Once you enter those details, you’re taken to a second screen that asks for a host of personal details, including your full name, credit card number (and verification code), date of birth—even your mother’s maiden name! When you click okay on that screen, you’re redirected to the actual Apple ID home page. It’s unclear exactly how the hackers behind the phishing scheme are sending people to the EA domain and fake Apple ID log-in page, but it’s easy to imagine it being couched in some email about an Apple offer, maybe even something related to EA’s many iPhone games.
Read the full story at Gizmodo and the full explanation at Netcraft.