Two websites in the EA.com domain used the compromised server, which ordinarily hosts a calendar based on WebCalendar 1.2.0. It's believed that hackers used a vulnerability in the outdated version of WebCalendar to modify settings and execute arbitrary code. The phishing content was spotted in the same directory as the WebCalendar application.
The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
Netcraft blocked access to all the phishing sites discovered and informed EA yesterday that its server had been compromised. However, the vulnerable server — and the phishing content — was still online when Netcraft posted about it this morning.
Thankfully, the latest official statement from EA spokesperson John Reseburg indicates the phishing site is shut down.
“We have found it, we have isolated it, and we are making sure such attempts are no longer possible. Privacy and security are of the utmost importance to us.”
As always, we recommend you double-check the address in your browser before entering any personal information into a website. If possible, navigate to the site directly rather than using links.