Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat

By on

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is actually a stealthy phishing email, which has been circulating the internet, prompting users to click on a link if the transaction was unauthorized.

So how exactly does this phishing campaign work? In this case, the cybercriminals rely on the victim to be thrown off by the email stating that they purchased an app when they know that they didn’t. When the user clicks on the link in the receipt stating that the transaction was unauthorized, they are redirected to a page that looks almost identical to Apple’s legitimate Apple Account management portal. The user is prompted to enter their login credentials, only to receive a message claiming that their account has been locked for security reasons. If the user attempts to unlock their account, they are directed to a page prompting them to fill out personal details including their name, date of birth, and social security number for “account verification.”

Once the victim enters their personal and financial information, they are directed to a temporary page stating that they have been logged out to restore access to their account. The user is then directed to the legitimate Apple ID account management site, stating “this session was timed out for your security,” which only helps this attack seem extra convincing. The victim is led to believe that this process was completely normal, while the cybercriminals now have enough information to perform complete identity theft.

Although this attack does have some sneaky behaviors, there are a number of steps users can take to protect themselves from phishing scams like this one:

  • Be wary of suspicious emails. If you receive an email from an unknown source or notice that the “from” address itself seems peculiar, avoid interacting with the message altogether.
  • Go directly to the source. Be skeptical of emails claiming to be from companies asking to confirm a purchase that you don’t recognize. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Use a comprehensive security solution. It can be difficult to determine if a website, link, or file is risky or contains malicious content. Add an extra layer of security with a product like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: , , ,

Leave a Comment

Similar articles

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically ...
Read Blog
As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making ...
Read Blog
Microsoft recently patched a critical flaw in Internet Explorer’s scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google’s Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received ...
Read Blog