iPhone users have been targeted with a sophisticated phishing scam designed to steal their Apple ID credentials.
The phishing email is designed to catch the user off guard and alert them to a fraudulent charge being made on their account.
To review the subscription charge, users are directed to click on a link which takes them straight through to an official-looking Apple ID login page with all the branded logos.
The site is in fact nothing more than a phishing website set up to steal Apple login and password details. The hackers can then use this information to gain unrestricted access to Apple Pay, videos, pictures and personal account information.
It’s believed the scam is taking advantage of the recent changes made to Spotify subscription payments. Spotify users previously had the option to pay for their Spotify Premium account via their Apple ID, but as of August, Spotify now requires its premium subscribers to switch to Spotify's own payment system.
A spokesperson from Spotify commented on the scam: "The email does not come from Spotify and is a scam/phishing attempt. We encourage all users who have seen or received notice of this particular email to refrain from clicking any links or sharing any personal or payment information.
"We are actively working to have all domains and websites connected to this email blocked and closed down. Affected users can reach out to our customer service using firstname.lastname@example.org or our Community, with any concerns regarding potential scam offers and/or phishing attempts."
Despite the convincing nature of the phishing email, there are a number of red flags that point to a well-crafted fake. They include:
MetaPhish has been designed to provide the first line of defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.