Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada



Phishing attacks using false Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the filters, as witnessed by the hundreds we get every day that are reported by our customers' employees who use our Phish Alert Button.

This one is particularly pernicious because, apart from a well-crafted initial phishing email, the landing page is going for the whole enchilada. As we have mentioned here before, the bad guys in Eastern Europe use the UK as their beta test, and when all the bugs are ironed out, the attack gets unleashed in the U.S., so please regard this as a heads-up.

Apple Store Phishing Email

The "refund request" page imitates the Apple "look" and asks not only for the full address information but also the credit card data, and makes sure you notice that "Apple is committed to protecting your privacy". Yeah, sure.

Apple Store Refund Request Scam

Apple Store Phishing Page

They are pros in their field, with attention to detail. They even have little question marks you can click on that are very helpful in explaining what you need to fill out in the field so they can fully steal your credit card data.

The fact that these attacks still make it through quite a few different filters shows that it is a continuous process to keep users on their toes with security top of mind, whether it is at the house or in the office.

I suggest you take the following (feel free to copy/paste/edit) and send this Scam Of The Week to your employees, friends and family:

"A new phishing attack is using a very realistic-looking Apple App Store message to trick you into trying to prevent getting charged for something you did not buy. This attack may make it through all the spam filters into your inbox, so you need to be alert for this scam.

This phishing attack tries to make you fill out a page with your full address and credit card information so that you "will not get charged". If you or a family member fell for this trick, though, it is highly likely that your credit card would get fraudulently charged quickly.

Remember to never click on links in emails to go to a vendor's website. Always use your browser and either type in the address of the company or use a bookmark you have set yourself earlier. And while we are at it, never just open an email attachment you did not ask for. Let's stay safe out there and Think Before You Click!"

