MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

I got 99 Problems But a Phish Ain’t One!

Scam of the Week – Apple App Store Phishing Emails

Cyber criminals have been ramping up their attack on Apple Customers worldwide. Users have reported a sharp increase in Phishing emails which appear to be from Apple in the form of convincing App store subscription phishing emails.  

In a response to this Apple have recently published a page on their website to help users of their App store to protect themselves against cyber criminals who are sending out phishing emails in the hope of capturing vulnerable user’s precious login details for iCloud and the App store.

According to https://www.top10vpn.com/ Apple ID login details are the most valuable logins on the dark web next to logins from financial services sectors such as PayPal.

Apple ID login details are fetching as much as $15.39 per login on the dark web. In comparison the site discovered the highest valued login details was PayPal which fetched a whopping $274 per login.

A scam that the cybercriminals use is to send an authentic looking email from the App store to the user asking them to renew their subscription with a highly inflated price. For example, 9to5Mac posted an image of an authentic YouTube TV app subscription renewal email beside another image which showed a very convincing phishing email asking the user to renew the subscription for a crazy price of $144.99 per month. This price will shock the user in to immediately clicking the option to review or cancel the subscription. This scare tactic and sense of urgency is exactly what the cyber criminals are aiming to do. Once the user clicks the link to cancel subscription and enter the login details… Bingo! Payday for the cybercriminal.

Authentic Email from Apple (IMG SRC: 9to5Mac)
Fake Phishing Email (IMG SRC: 9to5Mac)

Although the email is very convincing, with closer inspection there are some red flags indicating a potential phishing email. The differences can be hard to spot if you’re not looking and are enough to fool the average user.

  • Apple Logo at top and the text “Subscription Confirmation” look different
  • YouTube Red logo is incorrect
  • No personalisation in the email… For example: “Dear John…”
  • The price of renewal is $144.99 per month. Shockingly high price scares the user into reacting straight away
  • Payment method “By Card”. In an authentic email from Apple it will show the type of card and the last 4 digits stored in the customer’s account.

These are only some of the warning signs in this fake email. Some other tips would be to hover over any links to see where this link will lead you to. If it is something that you do not recognise as officially from Apple then do not click.

 Apple have posted a great guide for their users on how to avoid phishing emails and how to protect themselves, family and businesses from cyber scams.

Check out their support page here: https://support.apple.com/en-gb/HT204759

How Do I Stop Phishing Emails

MetaPhish 

For more information on how MetaCompliance can help you, your staff, and your business become more aware of Phishing,  feel free to check out our MetaPhish platform with a no obligation free trial….

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations

WEBINAR: April 29th 2021 15:00 BST

The Realities of Getting Staff Security Training Right