A fascinating new phishing attempt is making the rounds, disguising itself as a receipt from the App Store and tricking unsuspecting users into coughing up all of their personal details. Here’s what you need to know and how to stay safe.

First of all, look how skeezy this looks

As reported by Bleeping Computer, the attempt shows up as an email with an attached PDF receipt for somewhere in the range of $30. With that, there’s a highly convenient “Issues with this transaction?” link at the bottom of the page.

More convincing, but still has obvious errors, like “Thanks to Purchasing!”

Uninformed users click the link, of course, expecting to dispute the fraudulent charge. They’re then presented with a convincing-looking page with a less-convincing URL asking them to log in with their Apple ID. It’s also worth noting that this is a secure website, which gives users an even bigger reason to assume it’s legit. But just because a site is secure doesn’t mean it’s safe.

Looks pretty legit.

After attempting to log in, a warning is displayed stating that the ID has been locked for security reasons. A handy Unlock Account button is just below, which is where things get really bad. Clicking this button takes users to a new page asking for every damn detail you can imagine. Name, address, phone number, social security number, date of birth, payment info, and security questions/answers are all found on the form—this is an identity theft convenience kit.

Oof. Just look at those questions. And that’s not even the half of it.

But this is also where things get really interesting—after submitting the form, it states that the account is automatically logged out then redirects to a legitimate Apple page. Users log in, assuming that all is right with the world again when that couldn’t be further from the truth—the attacker just got everything they wanted. All your information put together in a nice little form. Yuck.

And a few seconds later, users are taken to a legitimate Apple page.

As pointed out by Bleeping Computer, the main thing that gives the whole thing away is the funky URLs (which were redacted from the original post for obvious reasons), but the point remains: if something looks awry, it probably is.

As stated previously, the weakness of this campaign is their use of very suspicious URLs. An observant person will easily see that the URLs are not legitimate, look strange, and should be avoided. For this reason, it is very important that users do not open links from strange emails and instead go directly to a company’s web site. If they do open links from emails, it is always important to analyze the URL of the landing page to make sure you are at a legitimate site.
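The landing-page URL check described above, written out as an added example (it is not code from this article or from Bleeping Computer). The trusted-domain list and the sample URLs are assumptions constructed for illustration, since the campaign's real URLs were redacted. It shows why HTTPS alone proves nothing and why the end of the hostname is what counts.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domains treated as Apple's.
TRUSTED_DOMAINS = {"apple.com", "icloud.com"}

def check_landing_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for the URL shown in the browser's address bar."""
    parts = urlsplit(url)
    # HTTPS is required, but it is only the first check, not the verdict.
    if parts.scheme != "https":
        return False, "not HTTPS"
    # Text before an '@' is a username, not the site being visited.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL (text before '@' is not the host)"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    # Look-alike characters show up as non-ASCII or as xn-- (punycode) labels.
    if not host.isascii():
        return False, "non-ASCII hostname (possible look-alike characters)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode hostname (possible look-alike characters)"
    # The host must BE a trusted domain or END with ".<trusted domain>".
    # A trusted name at the start or in the middle of the host means nothing.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not on a trusted domain"

if __name__ == "__main__":
    # Constructed sample URLs (not the campaign's real ones).
    samples = [
        "https://appleid.apple.com/",
        "https://appleid.apple.com.account-verify.example/login",
        "https://appleid.apple.com@login.example/",
        "http://appleid.apple.com/",
        "https://xn--pple-43d.com/",
    ]
    for url in samples:
        ok, reason = check_landing_url(url)
        print(("OK      " if ok else "SUSPECT ") + url + "  ->  " + reason)
```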

The real Apple page.

As always, the key to staying safe is knowing what you’re up against. So pay attention to the details and stay vigilant.

via Bleeping Computer

Cameron Summerson
Cameron Summerson is the Editor in Chief of Review Geek and serves as an Editorial Advisor for How-To Geek and LifeSavvy. He’s been covering technology for nearly a decade and has written over 4,000 articles and hundreds of product reviews in that time. He’s been published in print magazines and quoted as a smartphone expert in the New York Times.