Apple Users Targeted in Latest Phishing Scam

May 24, 2018 2:47 pm Geraldine Strawbridge

The fraudsters are at it again and have launched another mass phishing scam to trick as many unsuspecting users as they can into clicking dodgy links.

Coming hot on the heels of our last phishing scam which targeted Airbnb customers, the latest scam has been targeting Apple users in an attempt to trick them into updating their profile information.

Researchers at Trend Micro uncovered the scam which uses a common social engineering tactic of threatening to suspend a service to pressurise a victim into divulging personal information.

The phishing email notifies users that their Apple account has been limited due to unusual activity and urges them to click on a link to update their payment details.

Once clicked, the link opens to a fake Apple website which is almost identical to the official Apple phishing website, the only difference to unsuspecting users is the URL. Users are then prompted to enter their Apple ID and passwords.

As soon as a user enters this information, the website displays a message saying their account has been locked and provides a button to unlock it. The ‘Unlock Account Now’ button is linked to a malicious site that collects user data such as name, address, date of birth and credit card details.

After all the personal and account information fields are filled out, the site informs victims they will be logged out for security reasons and forwards the user through to the official Apple website.

Researchers at Trend Micro commented on the scam: “In addition to looking legitimate, this website appeared to be more sophisticated than most phishing sites due in part to the web directory permissions being set correctly.

Malicious actors usually use free hosting sites for their phishing scams since they expect them to have short lifespans, and they don’t put any effort into securing web server files. Because of this, it is typically easy to obtain information from phishing attacks and related sites; sometimes even the stolen data is accessible. In this case, the web directory permissions were set correctly, so we were not able to access that information.”

In addition to the legitimate looking fake Apple phishing website, the attackers used other sophisticated methods, including encrypting the fake site using Advanced Encryption Standard (AES). This allows the scammers to bypass some anti-phishing tools embedded in antivirus solutions. This is unusual for a phishing scam as attackers are usually more concerned with operations rather than security or evasion.

Despite the increasing sophistication of phishing emails, that are a number of red flags that users should look out for when assessing the validity of a site. These including spelling mistakes, poor grammar, a mismatched URL, claims of prizes or a request for information. Legitimate businesses will never send an email requesting you click on a link to enter or update personal information.

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help. Our MetaPhish platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.