A Chinese consumer group has demanded that Apple provide financial compensation to those people who lost money through a recent phishing attack.
It has accused the Cupertino company of shirking its responsibility over the incident …
A number of Chinese consumers saw fraudulent purchases made through Apple’s App Store after their Apple IDs were hijacked. Many had Alipay or WeChat Pay accounts linked as payment method for apps, meaning money was taken from these. Some users reportedly lost up to 2,000 yuan ($288), the ceiling for such transactions.
At the time, it wasn’t clear how the login credentials were obtained, but Apple later said that it was through a phishing attack on Apple ID owners who did not have two-factor authentication (2FA) enabled. Phishing is when a bad actor sends a fake email purporting to be from Apple and asking them to login to their account. Very often this will be given urgency by a fake invoice for an expensive app subscription, asking them to login to cancel the transaction if it was not made by them. When they login to the fake website, the attacker gets their credentials.
The issue, then, was nothing to do with Apple itself, but sensitivities are such that the company issued an apology.
The company said ‘we are deeply apologetic about the inconvenience caused to our customers by these phishing scams’, which it said affected a ‘small number’ of user accounts.
Reuters reports that the China Consumer Association thinks the company needs to do more.
The China Consumer Association said in a statement on its website that Apple should not shirk its responsibility and should compensate consumers in full.
“Apple should not shift the blame, play down its own safety issues and divert consumers’ attention,” the association said.
Apple responded by simply referring back to its original statement, which says that it is reaching out to affected customers, and that it strongly advises all Apple ID owners to enable 2FA.
Just to add to the headache at Apple’s end, some Chinese customers are fraudulently claiming that they were victims of the phishing attack.
The U.S. company, which makes and sells huge numbers of its products in China, added the issue had also led to a rise in “false and fraudulent refund claims trying to take advantage of this incident.”
The phishing incident follows the media furore after seemingly-false allegations of Chinese spy chips found in Apple servers.