
My GF received a random email from iTunes saying that she had started a new subscription; it's a very convincing email until closer inspection. Anyway, she clicked the link at the bottom to cancel it and it took her to a phishing website which looks like the Apple ID login page... (face palm). This website was loaded via a proxy site which contained a random PHP script before forwarding to the final site.

I'm a sysadmin, so I'm highly security conscious. In hindsight I wish I had saved the email so I could load the link in a VM to inspect the HTML code. However, I think there's a possibility it could have been an XSS or CSRF attack.

So this email and link was pressed on an iPhone 6 using the Safari browser built into the phone (there were no sensitive web pages open in Safari at that time). I have since disabled JavaScript and deleted all her cookies, and will reformat when I get a chance later on; I've asked her to change Facebook, bank, PayPal passwords etc. too, on a different PC.

I don't know very much about iPhone security. Do you think this is still a threat after the steps I have taken, if it is indeed an XSS and CSRF attack?

If it's standard phishing, she never logged into the bogus iTunes site with any credentials, so I'm happy that's OK.

Matt B

1 Answer


It sounds like a standard phishing page with the aim of stealing passwords and nothing more than that. XSS and CSRF attacks will only work if these vulnerabilities exist in iTunes websites, and not on any phishing page. When a browser loads a website it uses the cookie which is stored in the browser with the name of its website, and due to the same-origin policy it will not send any cookies or sensitive data to any other domain (phishing page) unless it is explicitly stated by the website owner by implementing the CORS mechanism.
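The cookie-scoping rule the answer relies on, as an added example that is not part of the original post or answer: a small model of the RFC 6265 domain-match check plus the SameSite attribute, applied to a constructed cookie jar, showing that a request to a look-alike phishing host never picks up the real store's session cookie (hostnames and cookie names are assumed for illustration; the registrable-site check is a two-label approximation with no public-suffix list).

```javascript
// Added example, not from the original post. Models why a phishing page on a
// different host cannot obtain the real site's cookies: a stored cookie is only
// attached to requests whose host "domain-matches" its Domain attribute
// (RFC 6265 section 5.1.3), and SameSite=Strict/Lax cookies are additionally
// withheld from cross-site requests. All cookies and hostnames are constructed.

function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  // "phishing-apple.example" must NOT match "apple.example": the host has to
  // end with ".<domain>", i.e. be a real subdomain, not just a similar name.
  return host.endsWith("." + domain);
}

// Registrable-site approximation: last two labels (no public-suffix list).
function site(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Returns the names of the stored cookies a browser would attach to a request
// sent by a page on `initiatorHost` to `requestHost`. Lax is simplified to
// "cross-site only on GET"; real browsers also require a top-level navigation.
function cookiesForRequest(jar, requestHost, initiatorHost, method = "GET") {
  const crossSite = site(initiatorHost) !== site(requestHost);
  return jar
    .filter((c) => {
      const inScope = c.hostOnly
        ? c.domain.toLowerCase() === requestHost.toLowerCase()
        : domainMatches(requestHost, c.domain);
      if (!inScope) return false;
      if (crossSite && c.sameSite === "Strict") return false;
      if (crossSite && c.sameSite === "Lax" && method !== "GET") return false;
      return true;
    })
    .map((c) => c.name);
}

// Constructed jar: the real store's session cookie, a domain-wide preference
// cookie, and a cookie the phishing site set for its own host.
const jar = [
  { name: "store_session", domain: "store.apple.example", hostOnly: true, sameSite: "Lax" },
  { name: "apple_pref", domain: ".apple.example", hostOnly: false, sameSite: "None" },
  { name: "phish_tracker", domain: "phish.example", hostOnly: true, sameSite: "Lax" },
];

// The phishing host's own request sees only its own cookie.
console.log(cookiesForRequest(jar, "phish.example", "phish.example")); // → ["phish_tracker"]
```

A cross-site POST from the phishing page to store.apple.example would carry only the SameSite=None preference cookie, not the Lax session cookie, which is the browser-side limit the answer is pointing at.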