Scams using its name are not uncommon, but phishing pages hosted on another major company's website are definitely worth looking into. Experts discovered a phishing page hosted on a hacked server owned by Electronic Arts (EA), a world-renowned video game company.
Experts from Netcraft report that the attackers violated a server hosting two domains of ea.com.
That said server φιλοξενεί μια παλιά έκδοση ( 1.2.0) της ημερολογιακής εφαρμογής WebCalendar. Η έκδοση αυτή υπάρχει από το 2008 και ήταν γεμάτη vulnerabilities that could be exploited by hackers. For example, attackers could exploit the CVE-2012-5385 vulnerability, through which they modified the settings and potentially executed some malicious code.
The fake page is designed to look like its login page Apple Lossless Audio CODEC (ALAC), and in which the victims should enter their Apple ID and their password. He then asked for the name and number of the payment card, the expiration date, the CVV number, the date of birth and other personal information.
When information was given to cyber criminals, the victims were transferred to the actual Apple website, so they would not be suspicious.
The problem with phishing pages hosted on trusted servers is that they are very difficult to detect.