In order to make sure a phishing campaign works, the victim has to believe an email is legitimate. It’s no surprise that the Apple security breach is the latest event to be taken advantage of.
Phishing attacks are a relatively simple way to steal data. Users click on an email they believe to be legitimate, allowing malware to be installed or submitting login details for a service, whether it be a fake bank email, service, or the Spanish lottery. Perhaps if you’re particularly lucky, there is a wealthy gentlemen in Africa who wants to transfer millions of dollars to your account — but only if you forward along some of the costs in advance, of course.
Phishing campaigns have advanced from the days of poorly-written English and laughable stories. Now, some scammers take pains to make sure the email looks legitimate, from including a PayPal logo to the typical disclaimer of a bank at the bottom. Once clicked on, users are often directed to legitimate-looking websites set up to store the credentials you input.
SOURCE: zdnet.com