Akankasha Dewan 30 January 2019 17:41:51 AEDT 4 MIN READ

Phishing email uses fake Apple Store branding to trick users

As cybercrime evolves in complexity, cybercriminals are increasingly preying on users' emotions in a bid to trick them into revealing confidential data online.

A case in point is a phishing email scam that MailGuard detected yesterday evening (AEST). Purporting to be from Apple Store, the email arrived in inboxes with "Apple Store" as its display name. It actually comes from a compromised domain and contains a very short message in its body, informing the recipient that an invoice from Apple has arrived for a recent purchase. Recipients are advised to open a PDF attachment in order to view the invoice.

Here is a screenshot of the email:

[Image: screenshot of the phishing email]

The PDF attachment contains a receipt for the purchase of a mobile game titled “Mobile Legends Bang Bang.” It contains several elements that make the receipt look like a legitimate one from Apple, such as the Apple Store logo and a graphic image from the mobile game itself.

The receipt advises users to cancel the purchase immediately if they did not make the purchase or believe an unauthorised person has accessed their account. A link labelled "Cancel and Manage Purchasing" is provided.

Here is the screenshot of the PDF:


[Image: screenshot of the PDF receipt]

After the user clicks this link, they are taken to a legitimate-looking copy of the Apple login page. This is designed to harvest the login details of unsuspecting users.

[Image: screenshot of the fake Apple ID login page]

This Apple ID login page uses high-quality graphical images and elements that are normally found in legitimate Apple pages. Having convinced recipients that the email is actually from the tech giant, cybercriminals exploit the well-established reputation of the brand to trick the company’s very large user base into divulging confidential data.

While the email body itself is not very sophisticated, the scam is decently executed thanks to how it plays on users’ fears that their Apple ID has been compromised and/or has been used by someone who has access to their account. For instance, the scam contains safety disclaimers such as advising users to cancel their purchase “as soon as possible” if they believe they have been unfairly charged. By including disclaimers that are normally expected in an official notification from a well-reputed organisation such as Apple, the receipt first builds trust with unsuspecting recipients. At the same time, it instils a sense of urgency and prompts users to act quickly by clicking on the provided link.

Despite the presence of such tactics, this email scam does contain several red flags for anyone who is vigilant enough to spot fake emails. For example, the email does not address the recipient directly at any point. Instead, it only refers to “Dear Apple customer” and “Dear customers” in the email body and the PDF attachment respectively. Several spacing and grammatical errors are also present in the receipt such as “This is a notification you recently purchasing on an Apple ID :”.

MailGuard urges cyber users to be constantly on the lookout for such red flags, and to take extra precaution when clicking on links and providing confidential data online in order to prevent phishing attacks.
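The indicators described above (an Apple display name on a non-Apple sender domain, a generic greeting, and a PDF attachment) can be checked mechanically. The following is an added example, not MailGuard's detection logic; the sample message, the `compromised.example` domain, the `BRAND_DOMAINS` table and the `indicators` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains the brand legitimately sends from.
BRAND_DOMAINS = {"apple": ("apple.com",)}
# Generic salutations of the kind quoted in the article.
GENERIC_GREETING = re.compile(r"\bdear\s+(apple\s+)?customers?\b", re.I)

# Constructed sample message (not the real phishing email).
SAMPLE = """\
From: Apple Store <billing@compromised.example>
To: user@recipient.example
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Apple customer, your invoice for a recent purchase is attached.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

def indicators(raw):
    """Return the article's indicators that are present in a raw message."""
    msg = message_from_string(raw)
    found = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not trusted:
            found.append("display-name-mismatch")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if GENERIC_GREETING.search(body):
                found.append("generic-greeting")
        elif ctype == "application/pdf":
            found.append("pdf-attachment")  # weak alone; counts with the others
    return found
```

Calling `indicators(SAMPLE)` reports all three indicators; a message from a sender domain under `apple.com` with a personalised greeting and no PDF reports none.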

What is "phishing"?
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
