Apple users are being warned to avoid a devious phishing scam which claims to be a purchase confirmation email from the Apple App Store.
The phishing email, which contains a PDF attachment, requests that the recipient clicks a link to report if the transaction was unauthorised. By clicking on the link, the user is directed to a phishing website that mimics Apple’s account management page and requires them to enter a username and password.
Once the details are entered, the user receives an error message stating “This Apple ID has been locked for security reasons. You must unlock your account before signing in.
In order to ‘unlock’ the account, the victim is prompted to enter additional information, including their full name, address, telephone number, payment information and answer a number of security questions. They are then redirected to a page stating that the session has been timed out for security reasons.
With such a wealth of sensitive information now entered into the phishing website, scammers are in a prime position to exploit the data to break into other accounts, attempt to steal identities, hold it for ransom or sell the information on.
Protection Against Phishing
With more people than ever getting caught out by phishing scams and clicking on URLs that are designed to steal sensitive information or infect their computer with malware, there are a number of simple ways to protect yourself and your business from phishing.
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website.
- Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately.
- Ignore and delete emails with poor grammar and formatting.
- Install the latest anti-virus software solutions on your devices.
- Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts.
- Question the validity of any email that asks you to submit personal or financial information.
Find Out More
Our award winning MetaPhish platform provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats.It has helped protect organisations across the world from this ongoing threat and provides the first line of defence against phishing attacks.