New Phishing Attacks Look Like Emails From Apple

January 2, 2019

Written by wukovits

There’s a new, widespread phishing campaign underway that you need to be aware of if you use the Apple App store at all.  At this time, no one knows who’s behind the campaign, but already, a surprising number of people have been taken in by it.

The campaign works like this:

You’ll receive an email that appears to be from Apple confirming your recent purchase of a $30 app.  The email contains a PDF that the sender claims is your receipt.  This is a lie, and once you click on the PDF to see what you supposedly spent money on, they have you.

Clicking on the PDF reveals what appears to be a receipt from Apple.  At the bottom of the PDF, there’s a helpful link with a note that informs users that if they did not authorize this transaction, they can click the link to get a full refund. Clicking on the link brings the user to an exact replica of the Apple Account management portal.

If the user enters their login credentials, they’ll get a message that their account has been locked for security reasons, and informed that they must unlock their account before signing in.  In the user’s mind, this underscores the notion that their account has been compromised, which will prompt them to try and remedy the situation by unlocking their account and changing their password. Unfortunately, this is exactly what the scammers are hoping for.

When a user clicks the “Unlock Account” button they’ll be asked to verify their account information, including their full name, their address, telephone number, social security number, date of birth, payment information, driver’s license and/or passport number, and security questions.

Once they give all this to the scammers, the user will be redirected to the actual Apple account management page. The brilliant (and disturbing) part of this elaborate scheme is that they do so in a way that causes the Apple page to load with a message stating “this session has timed out for your security,” which reinforces the story the user has been given to this point.

You log on normally and see no sign of the previously mentioned charge, so you assume all is well, and it is – except for the fact that you’ve inadvertently handed the scammers everything they need to steal your identity.

If you use the Apple App store even occasionally, be on the lookout for emails like this.  It could cost you more than you realize.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.