I got 99 Problems But a Phish Ain’t One!

March 12, 2018 11:29 am Bernard Ward

Scam of the Week – Apple App Store Phishing Emails

Cyber criminals have been ramping up their attack on Apple Customers worldwide. Users have reported a sharp increase in Phishing emails which appear to be from Apple in the form of convincing App store subscription phishing emails.  

In a response to this Apple have recently published a page on their website to help users of their App store to protect themselves against cyber criminals who are sending out phishing emails in the hope of capturing vulnerable user’s precious login details for iCloud and the App store.

According to https://www.top10vpn.com/ Apple ID login details are the most valuable logins on the dark web next to logins from financial services sectors such as PayPal.

Apple ID login details are fetching as much as $15.39 per login on the dark web. In comparison the site discovered the highest valued login details was PayPal which fetched a whopping $274 per login.

A scam that the cybercriminals use is to send an authentic looking email from the App store to the user asking them to renew their subscription with a highly inflated price. For example, 9to5Mac posted an image of an authentic YouTube TV app subscription renewal email beside another image which showed a very convincing phishing email asking the user to renew the subscription for a crazy price of $144.99 per month. This price will shock the user in to immediately clicking the option to review or cancel the subscription. This scare tactic and sense of urgency is exactly what the cyber criminals are aiming to do. Once the user clicks the link to cancel subscription and enter the login details… Bingo! Payday for the cybercriminal.

Authentic Email from Apple (IMG SRC: 9to5Mac)

Fake Phishing Email (IMG SRC: 9to5Mac)

Although the email is very convincing, with closer inspection there are some red flags indicating a potential phishing email. The differences can be hard to spot if you’re not looking and are enough to fool the average user.

  • Apple Logo at top and the text “Subscription Confirmation” look different
  • YouTube Red logo is incorrect
  • No personalisation in the email… For example: “Dear John…”
  • The price of renewal is $144.99 per month. Shockingly high price scares the user into reacting straight away
  • Payment method “By Card”. In an authentic email from Apple it will show the type of card and the last 4 digits stored in the customer’s account.

These are only some of the warning signs in this fake email. Some other tips would be to hover over any links to see where this link will lead you to. If it is something that you do not recognise as officially from Apple then do not click.

 Apple have posted a great guide for their users on how to avoid phishing emails and how to protect themselves, family and businesses from cyber scams.

Check out their support page here: https://support.apple.com/en-gb/HT204759

How Do I Stop Phishing Emails

MetaPhish 

For more information on how MetaCompliance can help you, your staff, and your business become more aware of Phishing,  feel free to check out our MetaPhish platform with a no obligation free trial….

Request a demo by clicking the phish below. 

Free Demo MetaPhish