A couple of months ago we reported how an app store phishing email is stealing Apple user credentials. Now a government of Vietnam domain belonging to its Tam Ky City was found redirecting visitors to another compromised domain asking them to login with their Apple IDs.

The domain hosting the phishing page was anphutamky.gov.vn, redirecting users to a phishing trip towards Apple IDs. The domain link was included in an email, which appeared to be French in nature.

Here’s the email example sent to the users:

“DEAR CUSTOMER,

YOUR APPLE ID WAS USED TO LOG INTO ICLOUD FROM AN UNAUTHORIZED COMPUTER.

YOUR ACCOUNT IS NOW LOCKED, PLEASE LOG INTO YOUR ACCOUNT TO CHECK YOUR INFORMATION.

CLICK HERE (COMPROMISED GOVERNMENT DOMAIN LINK)

APPLE SUPPORT

The link leads to anphutamky(dot)gov(dot)vn/cu/install/css/” which contained little other than code to redirect the visitor. The potential victim was sent to skintesting(dot)com(dot)au/components/com_mailto/views/sent/tmpl/auth/ which is just another compromised domain seeking Apple login credentials. The rogue pages have been taken offline.

As far as Apple ID owners, please always verify that you are on the right page before submitting your login credentials. Unless you have asked Apple specifically to send you a URL for let’s say password resetting or any other reason, kindly avoid clicking on random URLs.

So beware and don’t fall for such emails.

Phishing attacks are the most successful ones because unsuspecting users fail to check the site link. With all those news about viruses, people forget that email is still an viable asset for hackers, despite losing on popularity with all the new technology.