Online scams 'target Apple customers for richer pickings' Published duration 13 April 2016

image copyright PA image caption Apple customers can be lucrative targets for scammers

Cybercriminals are targeting people using Apple products as they are more likely to have disposable income, a security expert has warned.

Blogger Graham Cluley said that while malware was more common on Windows, Apple customers could not "afford to be lackadaisical" about security.

On Monday, he reported a text message scam that tried to trick people into handing over account information.

Apple's support site warns customers not to enter details on spoof sites.

The text message scammers sent out alerts to victims' smartphones, claiming their Apple ID accounts were going to expire. The message encouraged people to visit a fake website where they were asked to enter their account information.

"It tried to grab personal information and credit card details with the aim of committing identity theft," said Mr Cluley.

"They deliberately took advantage of people's trust in the Apple brand to steal information.

"Avoid clicking on links in emails because they might take you somewhere phishy. Instead go to the website directly and log in that way."

image caption The spoof website looked identical to the real thing

The spoof website has since been blocked by web browsers such as Chrome and Firefox.

Apple's support website says customers "should never enter Apple account information on any non-Apple website".

"In general, all account-related activities will take place in the iTunes application directly, not through a web browser," it explains.

On Tuesday, Mr Cluley reported on a second scam disguised as an update to Adobe Flash, which encouraged victims to install a new version of the software.

In a blog about a discovery by the security firm Intego he wrote : "The best advice for many users may be to ensure that you have configured Adobe Flash Player to automatically update itself."

Apple's Mac OS X operating system does have a safeguard, enabled by default, that prevents people installing software written by unknown developers. However, it appears the attackers were able to circumvent this.

"The fake Flash update attack appears to have used a stolen Apple Developer certificate, suggesting that some third-party Mac developers may be being sloppy about their own security and putting the rest of us at risk as a result," Mr Cluley told the BBC.

"The truth is that criminals will go where the money is.

"Apple products cost more than some of their competitors so it's likely that their customers have more disposable income. That's cash which the bad guys would like to have filling their pockets."