iPhone users have been targeted with a sophisticated phishing scam designed to steal their Apple ID credentials.
The phishing email is designed to catch the user off guard and alert them to a fraudulent charge being made on their account.
To review the subscription charge, users are directed to click on a link that takes them straight through to an official-looking Apple ID login page with all the branded logos.
The site is in fact nothing more than a fake phishing website set up to steal Apple login and password details. The hackers can then use this information to gain unrestricted access to Apple Pay, videos, pictures and personal account information.
It’s believed the scam is taking advantage of the recent changes made to Spotify subscription payments. Spotify users previously had the option to pay for their Spotify Premium account via their Apple ID, but as of August, Spotify now requires its premium subscribers to switch to Spotify’s own payment system.
A spokesperson from Spotify commented on the scam: “The email does not come from Spotify and is a scam/phishing attempt. We encourage all users who have seen or received notice of this particular email to refrain from clicking any links or sharing any personal or payment information.
“We are actively working to have all domains and websites connected to this email blocked and closed down. Affected users can reach out to our customer service using firstname.lastname@example.org or our Community, with any concerns regarding potential scam offers and/or phishing attempts.”
Despite the convincing nature of the phishing email, there are a number of red flags that point to a well-crafted fake. They include:
- A grammatical error in the main body of the email – ‘you are in charged for your subscription’. Any official correspondence from Spotify would be proofed for any spelling or grammatical errors.
- The subscription email claims to be from Spotify, but the payment system being referenced is Apple ID. If any changes or charges were made using an Apple ID, then all account correspondence would come directly from Apple.
- The URL does not match any of the official Apple web addresses. Despite the address starting with ‘myappleid’, the text is followed by a long line of random words and letters, including ‘aijcbtgroup’.
- Legitimate sites will always be secured using HTTPS. If a web address starts with ‘HTTP’ rather than ‘HTTPS’, it means the site is not secure and you should leave immediately.
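
The URL and HTTPS checks from the list above can be automated for links pulled out of a reported email. The following is an added example, not part of the original article or any MetaPhish product; the allow-listed Apple domains and the sample links are assumptions constructed for illustration (only ‘myappleid’ and ‘aijcbtgroup’ come from the article).

```python
from urllib.parse import urlsplit

# Assumption: domains treated as Apple-owned for this illustration.
APPLE_DOMAINS = ("apple.com", "icloud.com")
BRAND_TOKENS = ("apple", "icloud")


def host_is_apple(host):
    """True only if host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def link_red_flags(url):
    """Return the red flags from the list above that apply to one link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if not host_is_apple(host):
        flags.append("host-not-apple")
        # Brand name inside the host of a non-Apple site, e.g. 'myappleid...'
        if any(token in host for token in BRAND_TOKENS):
            flags.append("brand-lookalike-host")
    if parts.username is not None:
        # 'https://appleid.apple.com@other.host/' really goes to other.host
        flags.append("userinfo-in-url")
    return flags


# Constructed sample links (hypothetical hosts under the reserved .example TLD).
SAMPLES = [
    "https://appleid.apple.com/",
    "http://myappleid-verify.aijcbtgroup.example/login",
    "https://appleid.apple.com.aijcbtgroup.example/",
    "https://appleid.apple.com@aijcbtgroup.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_red_flags(link) or "no flags")
```

The third sample uses HTTPS and still fails the host check, so the scheme is only one of the checks a link has to pass.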
MetaPhish has been designed to provide the first line of defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.