Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and scammers set up phony channels that impersonated Apple’s broadcast. One of these fraudulent channels had 1.3 million subscribers and over 16,000 live viewers, which added legitimacy to the scam. The channel had a link to a phishing page, stating, “Special Event for you taking place NOW: www.2021apple[.]org.”
The link leads to a convincingly spoofed version of Apple’s website, with a page that says, “Hurry, and take part in our giveaway of 1,000 BTC! Apple have allocated a total of 1,000 BTC to be given away. Learn how to participate, and don’t miss out on your chance to get some!”
If the user clicks the button to participate, they’ll be asked to send between 0.1 BTC and 20 BTC to a Bitcoin address in order to receive double in return. The site says that 819 BTC have already been given away, which adds urgency to the scam. Zscaler notes that this scam alone was very successful before it was taken down.
“This wallet has received 1.48299884 bitcoins till now (worth around $69K),” the researchers write. “Currently, the site is taken down, and we believe it to be a short-lived attack. The huge sum collected in the bitcoin wallet in such a short period of time shows a sophisticated and highly successful attempt by the scammers. Scammers are becoming smart and observant, and whenever such hyped events happen, they try to take advantage of this to target mass audiences. Stay away from such unofficial giveaways and do not fall for such hype-driven scams.”
New-school security awareness training can enable your employees to avoid falling for these types of social engineering scams.
Zscaler has the story.