A Chinese consumer group has demanded that Apple provide financial compensation to those people who lost money through a recent phishing attack.
It has accused the Cupertino company of shirking its responsibility over the incident …
Background
A number of Chinese consumers saw fraudulent purchases made through Apple’s App Store after their Apple IDs were hijacked. Many had Alipay or WeChat Pay accounts linked as payment method for apps, meaning money was taken from these. Some users reportedly lost up to 2,000 yuan ($288), the ceiling for such transactions.
At the time, it wasn’t clear how the login credentials were obtained, but Apple later said that it was through a phishing attack on Apple ID owners who did not have two-factor authentication (2FA) enabled. Phishing is when a bad actor sends a fake email purporting to be from Apple and asking them to login to their account. Very often this will be given urgency by a fake invoice for an expensive app subscription, asking them to login to cancel the transaction if it was not made by them. When they login to the fake website, the attacker gets their credentials.
The issue, then, was nothing to do with Apple itself, but sensitivities are such that the company issued an apology.
Latest development
Reuters reports that the China Consumer Association thinks the company needs to do more.
Apple responded by simply referring back to its original statement, which says that it is reaching out to affected customers, and that it strongly advises all Apple ID owners to enable 2FA.
“Apple should not shift the blame, play down its own safety issues and divert consumers’ attention,” the association said.
Just to add to the headache at Apple’s end, some Chinese customers are fraudulently claiming that they were victims of the phishing attack.
The phishing incident follows the media furore after seemingly-false allegations of Chinese spy chips found in Apple servers.
Image: Shutterstock