Following reports of a phishing email scam involving Apple Store last week, the tech giant appears to be embroiled in another cyberattack this week.
MailGuard detected a new phishing email purporting to be from Apple infiltrating inboxes yesterday afternoon (AEST). While this email scam is similar to last week’s Apple phishing run, it has all of the content within its email body rather than in an attached PDF.
Using a display name of ‘Apple Receipt 2/4/2019’, the email was actually sent from multiple compromised .JP accounts.
The body of the message appears as an "Apple receipt" for an in-app purchase for a game called "Dragon Vale, Two Handfuls of Candy" and indicates the purchase was made from an iPod Touch.
The recipient’s email address is shown as the Apple ID in which the payment was made from. There are 4 links visible on the page, and all but one lead to the same phishing page. The "All rights reserved" link at the bottom leads to the actual Apple site.
Here is a screenshot of the email:
Unsuspecting recipients who do click on any of the malicious links in the email are taken to a convincing-looking copy of the Apple ID page, which directs them to input their ID details:
Once the user enters their Apple ID and password, they are sent to a second page that requests additional "Personal Information" under a heading of "Confirm Refund Request - Identity Verification" :
Users are then directed to enter their personal information via a form:
Once the user completes this second page, they are shown a 404 error page.
Users that fall for this fake Apple phishing scam will clearly give up a range of personal information which cybercriminals can then profit from.
By falsely claiming that unauthorised purchases of the game may have occurred, cybercriminals prey on the users’ emotions of panic and fear and take advantage of these to persuade Apple users to unwittingly surrender confidential details. Such a tactic can, ironically, now enable such illegal purchases to be made.
Similar to last week’s scam, this phishing run also utilises high-quality graphical images and elements that are normally found in legitimate Apple pages. Having convinced recipients that the email is actually from the tech giant, cybercriminals exploit on the well-established reputation of the brand to trick the company’s immensely large database of Apple users into divulging their confidential data.
A sense of legitimacy is also added with the statement “If you did not initiate this purchase, please visit iTunes Support to cancel the transaction” – a clever double bluff which works to elicit an inquisitive response from readers, in a particularly savvy example of social engineering.
Why phishing emails are bad for business
Although this fake Apple phishing email is primarily targeted towards consumers, cybercriminals also use phishing emails to manipulate employees into surrendering access to a range of sensitive and valuable business information.
This can include access to your corporate usernames and passwords used to access and steal confidential data.
The financial, reputational and litigation costs associated with phishing can therefore be huge, and it’s important that your business takes steps to protect itself.
We recommend that you educate staff on how to spot phishing emails in the event that they infiltrate your email inbox – you can access a range of hints and tips here.
If you’ve received this fake Apple email scam, Apple ask that your forward it to email@example.com. They also offer a range of information on how you can identify and report suspected phishing emails involving their company.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.