Researchers observed a phishing campaign that used the claim of a virus in Apple's iTunes database to target users.
On Monday, security researcher Bryan Campbell tweeted out a scam message he received from a sender claiming to be Apple Support.
The message read as follows:
This is to inform you that a Virus has been detected in our iTunes database, and in other for you not to loose your iTunes account and to ensure efficient use of your Apple store, Please you are advise to re-validate your details with us to secure your iTunes account permanently. This is the second time out admin is sending you this message and failure to re-validate your iTunes account upon receiving this message, will lead to permanent closing of your account within the next 72 hours. Please follow the secure link below to clean and re-validate your iTunes Account.
The scammers made several spelling and grammar mistakes in their email, which could have raised a red flag in the minds of some users.
Security expert Graham Cluley notes that those who were undeterred and who decided to click on the link were redirected to a phishing page that asked them to submit their username and password. After entering their login credentials, they were then asked to enter some additional personal information, including their name and address.
At this time, someone has taken down the phishing pages, but as Help Net Security's managing editor Zeljka Zorz observes, the scammers could very well set up a new domain and simply change the phishing link.
Apple users should therefore continue to be on the lookout for this phishing campaign.
Fortunately, there are some things users can do to protect themselves against this scam. As Cluley writes:
"Remember to always be careful about the links you click on, and verifying that a site that is asking for your password is the real deal. A good password manager can help in this regard, refusing to enter a password into a login form if it doesn’t recognise the domain."
Phishing attacks threaten organizations of all types, which is why so many companies are turning to eLearning solutions to launch or improve upon an existing security awareness training program for their employees.
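The domain check in Cluley's advice above, sketched as an added example (not code from the article or from any particular password manager). The vault entry, the URLs and the function names are constructed for illustration, and the sketch assumes strict origin matching.

```javascript
// Constructed vault: one saved login, keyed by the exact origin it was saved on.
const vault = [
  { origin: "https://appleid.apple.com", username: "user@example.com" },
];

// Return the saved entry for this page, or null if the origin is not recognised.
function entryForPage(pageUrl, entries = vault) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return null; // unparseable URL: never fill
  }
  // Never offer a saved password over plaintext HTTP.
  if (page.protocol !== "https:") return null;
  // URL.origin is scheme + host + port. The parser lowercases the host,
  // converts internationalised labels to punycode and drops any
  // "user@" prefix, so visual tricks in the address do not survive.
  const match = entries.find((e) => new URL(e.origin).origin === page.origin);
  return match || null;
}

function shouldAutofill(pageUrl) {
  return entryForPage(pageUrl) !== null;
}

// Constructed pages: the genuine sign-in page and lookalikes of the kind
// a phishing link can point at.
const samples = [
  "https://appleid.apple.com/sign-in",                      // genuine
  "https://appleid.apple.com.account-verify.example/login", // brand as subdomain
  "https://appleid.apple.com@account-verify.example/",      // brand as userinfo
  "https://appleid.\u0430pple.com/",                        // Cyrillic "a" homoglyph
  "http://appleid.apple.com/",                              // right host, no TLS
];
for (const url of samples) {
  console.log(shouldAutofill(url) ? "fill  " : "refuse", url);
}
```

Only the first sample is filled; the comparison is on the parsed origin, not on what the address looks like to the reader.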