Over a week ago, the Apple Developer Center was hacked, and the company acknowledged that some developer information may have been stolen. Even after notifying the public of the issue through the developer center website, and putting up a system status page, it seems scammers aren’t going away as the company had hoped. While the Developer center outage persists, a new phishing scam related to the outage has taken hold.
A number of developers mentioned soon after Apple’s update that they received an email with instructions for developers to log-in and change their passwords in order to secure their account. The scam mentions the recent developer outage to make the email look as real as possible. In fact, it does look very real at a quick glance, and even uses Apple’s signature white, gray and blue for emails. However, if Apple did send out an official email to change passwords, it would mean that large parts of the developer center are back online, which they’re not.
Another way to tell is by the text written in the email, which uses words such as “fraudsters” and includes a number of grammatical errors. In emails, it is always important to check the sender, though Apple emails often have a web address or a legitimate address on the bottom of the email that signifies credibility. Many developers will be able to tell a fake email from a real one, having received plenty of legitimate emails from the company. However, it’s possible the outage could cause developers to want to quickly change their passwords in order to protect themselves for any future hacks. As a result, many may click through to the bogus site without scanning the email first.