A subdomain of game publisher Electronic Arts' website was hijacked by fraudsters. Security firm Netcraft reported on Wednesday that attackers compromised one of EA's servers and used it to host a phishing site presenting a fake Apple ID login screen.
The fake site tricked visitors into submitting their Apple ID and password through the counterfeit login form. Victims were then presented with a second form asking them to verify their name, birthday, contact number, mother's maiden name and credit card details, including the expiration date and verification code, along with other information the scammers might find useful. After submitting this information, victims were redirected to the legitimate Apple ID website.
The fake page was hosted on a subdomain of ea.com and was indistinguishable from Apple's login screen at the time.
"The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several security vulnerabilities which have been addressed in subsequent releases," Netcraft reported. "It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application."
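The two checks Netcraft's analysis points to, an out-of-date application and foreign content dropped into its directory, can be scripted against a web root. The following is an added example, not Netcraft's or EA's code: it reads the WebCalendar version (assuming, as WebCalendar 1.2.x does, that `includes/config.php` carries `$PROGRAM_VERSION`), lists files newer than the install's own config, and flags pages that name a brand this host should not be serving a login for (the brand markers and sensitive field names are assumed indicators) while collecting password or payment fields. The sample web tree it scans is constructed inside the script.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Assumed indicators for this added example, not EA's or Netcraft's detection logic:
# brand names whose login forms this host should never serve, and the kinds of
# fields the phishing page described in the article harvested.
BRAND_MARKERS = ("apple id", "appleid", "icloud", "itunes")
SENSITIVE_FIELDS = {"password", "passwd", "ccnum", "cardnumber", "cvv", "cvc",
                    "maiden", "mothers_maiden", "ssn"}
FORM_RE = re.compile(r"<form\b.*?</form>", re.IGNORECASE | re.DOTALL)
INPUT_NAME_RE = re.compile(r"""<input\b[^>]*\bname=["']?([\w\-\[\]]+)""", re.IGNORECASE)
VERSION_RE = re.compile(r"""\$PROGRAM_VERSION\s*=\s*['"]v?([\d.]+)""")
TEXT_EXTS = {".html", ".htm", ".php", ".phtml", ".txt", ".js"}


def webcalendar_version(webroot):
    """Return the installed version as a tuple, e.g. (1, 2, 0), or None.
    Assumes $PROGRAM_VERSION lives in includes/config.php as in WebCalendar 1.2.x."""
    cfg = Path(webroot, "includes", "config.php")
    if not cfg.is_file():
        return None
    m = VERSION_RE.search(cfg.read_text(errors="replace"))
    return tuple(int(x) for x in m.group(1).split(".")) if m else None


def files_newer_than(webroot, reference):
    """Return files under webroot modified after `reference`, a file that shipped
    with the install. Content dropped in after a compromise is usually newer than
    anything the package itself wrote."""
    ref_mtime = os.stat(reference).st_mtime
    hits = []
    for path in Path(webroot).rglob("*"):
        if path.is_file() and path.stat().st_mtime > ref_mtime:
            hits.append(str(path.relative_to(webroot)))
    return sorted(hits)


def foreign_login_forms(webroot):
    """Return (relative path, brand marker, sensitive field names) for every text
    file that mentions a foreign brand and contains a form collecting
    password or payment fields."""
    hits = []
    for path in Path(webroot).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXTS:
            continue
        text = path.read_text(errors="replace")
        lowered = text.lower()
        brand = next((b for b in BRAND_MARKERS if b in lowered), None)
        if brand is None:
            continue
        for form in FORM_RE.findall(text):
            names = {n.lower() for n in INPUT_NAME_RE.findall(form)}
            sensitive = sorted(names & SENSITIVE_FIELDS)
            if sensitive:
                hits.append((str(path.relative_to(webroot)), brand, sensitive))
    return hits


# Constructed sample pages: a phishing page of the kind described in the article
# and WebCalendar's own login page, which has a password field but no foreign brand.
PHISH_PAGE = """<html><title>Sign in with your Apple ID</title>
<form method="post" action="login.php">
<input name="appleid"><input type="password" name="password">
<input name="ccnum"><input name="cvv"><input name="maiden">
<input type="submit"></form></html>"""

CALENDAR_LOGIN = """<html><title>WebCalendar Login</title>
<form method="post" action="login.php">
<input name="login"><input type="password" name="password">
<input type="submit"></form></html>"""


def build_demo_tree():
    """Constructed sample: a WebCalendar 1.2.0 install whose own files keep 2008
    timestamps, plus a phishing kit dropped into the same directory much later."""
    root = Path(tempfile.mkdtemp(prefix="webcal_"))
    old = time.mktime((2008, 9, 15, 0, 0, 0, 0, 0, -1))
    files = {
        "includes/config.php": "<?php\n$PROGRAM_VERSION = 'v1.2.0';\n",
        "login.php": CALENDAR_LOGIN,
        "index.php": "<?php include 'includes/config.php'; ?>",
        "apple/index.html": PHISH_PAGE,
        "apple/login.php": "<?php header('Location: https://appleid.apple.com/'); ?>",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
        if not rel.startswith("apple/"):
            os.utime(p, (old, old))  # the install's own files keep their 2008 mtime
    return str(root)


def run_demo():
    """Run all three checks over the constructed tree and return their findings."""
    root = build_demo_tree()
    return {
        "version": webcalendar_version(root),
        "new_files": files_newer_than(root, os.path.join(root, "includes", "config.php")),
        "foreign_forms": foreign_login_forms(root),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

On the constructed tree the version check reports 1.2.0, the timestamp check lists only the two files under `apple/`, and the form check flags `apple/index.html` alone: WebCalendar's own login page asks for a password but never mentions a foreign brand, so it is not reported. On a real host, compare the version tuple against the current WebCalendar release and treat anything newer than the install's config as worth a look.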
While some visitors might find it odd to be asked for an Apple ID on EA's website, the fake login screen could still entice some to find out what was on offer for Apple account holders. Being hosted on EA's own website also lent the phishing page an air of legitimacy.
"The compromised server is hosted within EA's own network. Compromised internet-visible servers are often used as 'stepping stones' to attack internal servers and access data which would otherwise be invisible to the internet, although there is no obvious outward facing evidence to suggest that this has happened," Netcraft reported.
EA investigated after being alerted to the issue and has since taken down the fake page. "We found it, we have isolated it, and we are making sure such attempts are no longer possible," a spokesperson for the company said. Still, it isn't clear how long the fake page was live on EA's server or how many people fell for the phishing trap.