Many people around the world use iPhones, iPads and other Apple devices, but a worrying new scam is mimicking the famed company and stealing sensitive data from innocent people.
According to MailGuard, Apple Pay is the latest feature to be targeted by cybercriminals, with scammers mimicking the well-known brand to infect digital devices and gain personal data.
Apple customers are being sent legitimate-looking digital receipts that appear to be from Apple. The emails are actually phishing emails designed to steal personal information, billing credentials, phone numbers, Apple IDs and passwords, and credit card information.
The fake emails carry the subject “ApplePay (Automatic Payment)” and use an email display name of [email protected]. The body of the email appears to be an official copy of an Apple Pay receipt, warning customers of an “integrated purchase”. Worryingly, several of the links within the email actually lead to a copy of the Apple login page, where people are asked to enter their Apple ID email address and password.
Once the information is entered, people are led to a second page advising them their account has been locked. If users click the “unlock your account” link, they’re told to update their billing details and provide additional user information. After completing these steps, people are then directed back to the official Apple login page.
“The inclusion of Apple Pay’s logo and branding, along with the presence of a seemingly secure and ‘official’ multiple-step procedure to verify accounts, are tools adopted to boost the authenticity of the email,” MailGuard said in a statement. “Having convinced recipients that the email is actually from Apple Pay, cybercriminals exploit the trusted reputation of the brand to trick the company’s immensely large customer base into divulging their confidential data.”
Phishing scams work by tricking email recipients into revealing their private and personal information, which criminals then exploit. Emails are often sent to large numbers of random people. While cybercriminals know many people don’t respond, sending large quantities of the same message usually results in someone falling for the trick.
Most phishing scams, including this Apple one, contain links that encourage people to log in to fake websites. They’re then asked to enter more information such as bank account details and phone numbers.
“This is a very cleverly executed scam,” MailGuard said in a statement. “Not only does it mimic a major household brand like Apple, that nearly everyone online has a relationship with, but the mechanics it employs to extract sensitive data and credentials are also executed seamlessly.”
People who receive emails from Apple are encouraged to be extremely vigilant and check authenticity before providing any confidential information online.
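One way to automate the authenticity check for the two traits described above, a display name that does not match the real sender and links that lead to a copy of the Apple login page, is sketched below. This is an added example, not code from MailGuard or Apple; the sample message is constructed (its display name and hosts are not values from the actual scam email), and the trusted-domain list is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as genuinely Apple's for this illustration.
TRUSTED = ("apple.com", "icloud.com")

# Constructed sample message; sender and link hosts use reserved example domains.
SAMPLE = """\
From: "no-reply@apple.com" <billing@mailer.example.net>
Subject: ApplePay (Automatic Payment)
Content-Type: text/html

<p>Receipt for your integrated purchase.</p>
<a href="https://appleid.apple.com.signin.example.org/login">View receipt</a>
<a href="https://www.apple.com/legal/">Terms</a>
"""

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    # Display name claims the brand, but the From address is on another domain.
    if "apple" in display.lower() and not is_trusted(sender_domain):
        findings.append(f"display name {display!r} but sender domain is {sender_domain}")
    # Display name is itself an address that differs from the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append(f"display name shows {shown.group(0)}, real address is {addr}")
    # Links whose host mentions the brand but is not under a trusted domain.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlparse(url).hostname or ""
        if "apple" in host and not is_trusted(host):
            findings.append(f"lookalike link host: {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix comparison in `is_trusted` is what catches a host that merely starts with a trusted name; a plain substring match would accept it.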