Akankasha Dewan 18 October 2018 14:26:18 AEDT 4 MIN READ

Phishing email alert: Apple Pay brandjacked in sophisticated attack

As cybercrime morphs and evolves in complexity, cybercriminals are increasingly mimicking well-known brands and trusted companies, brandjacking them in a bid to infect computer systems and to steal sensitive data.

Apple Pay is the latest victim, with legitimate-looking receipts purporting to be from the company hitting inboxes Thursday morning (AEDT). These are actually phishing emails designed to steal confidential personal and billing credentials, like the victims’ Apple ID and password, mobile phone numbers, credit card data, and similarly valuable information.

Titled ‘ApplePay (Automatic Payment)’, the email uses a display name of ‘support@’. 

The body of the text appears as an official copy of an Apple Pay receipt, informing recipients of an ‘integrated purchase’.


Several of the links within the email lead to a copy of the Apple login page. The page first asks the user to enter their Apple ID email address and password.


Having input their Apple ID information, victims are led to another page informing them their account is locked.


Users who click on the ‘unlock your account’ link are led to another page purporting to be from Apple, requesting their billing details.

Apple_3Another page then follows, requesting ‘additional information’ from users. This includes their credit card information.


As a last step, unsuspecting recipients are asked to enter a one-time authorisation code sent to their mobile numbers.


Having undergone all the above steps, users are finally led to a page informing them their account is ‘verified’ and they are redirected to the legitimate Apple login page.


MailGuard has detected this email actually comes from one of two compromised accounts. We understand the domain used to host the fake Apple site was registered only yesterday / early today for the purpose of this scam.

 The inclusion of Apple Pay’s logo and branding, along with the presence of a seemingly secure and ‘official’ multiple-step procedure to verify accounts, are tools adopted to boost the authenticity of the email.

Having convinced recipients that the email is actually from Apple Pay, cybercriminals exploit the trusted reputation of the brand to trick the company’s immensely large customer base into divulging their confidential data.

 What is "phishing?"

Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

 Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

 A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

 Protect your business online

Phishing scams and website hijacking can make millions of dollars for criminals. The big rewards for cybercrime have driven explosive growth in phishing in recent years, but many businesses are still poorly prepared to counter such attacks.

 If you would like to learn more about cybersecurity and how to protect your business, please download the e-book Surviving the Rise of Cybercrime. It’s a plain English guide explaining the most common threats and providing essential advice on managing risk.

 For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates. 

Keep Informed with Weekly Updates