A fascinating new phishing attempt is making the rounds, disguising itself as a receipt from the App Store and tricking unsuspecting users into coughing up all of their personal details. Here’s what you need to know and how to stay safe.
As reported by Bleeping Computer, the attempt shows up as an email with an attached PDF receipt for somewhere in the range of $30. With that, there’s a highly convenient “Issues with this transaction?” link at the bottom of the page.
Uninformed users click the link, of course, expecting to dispute the fraudulent charge. They’re then presented with a convincing-looking page with a less-convincing URL asking them to log in with their Apple ID. It’s also worth noting that this is a secure website, leading to an even bigger reason to assume it’s legit. But just because a site is secure, doesn’t mean it’s safe.
After attempting to log in, a warning is displayed stating that the ID has been locked for security reasons. A handy Unlock Account button is just below, which is where things get really bad. Clicking this button takes users to a new page asking for every damn detail you can imagine. Name, address, phone number, social security number, date of birth, payment info, and security questions/answers are all found on the form—this is an identity theft convenience kit.
But this is also where things get really interesting—after submitting the form, it states that the account is automatically logged out then redirects to a legitimate Apple page. Users log in, assuming that all is right with the world again when that couldn’t be further from the truth—the attacker just got everything they wanted. All your information put together in a nice little form. Yuck.
As pointed out by Bleeping Computer, the main thing that gives the whole thing away is the funky URLs (which were redacted from the original post for obvious reasons), but the point remains: if something looks awry, it probably is.
As stated previously, the weakness of this campaign is their use of very suspicious URLs. An observant person will easily see that the URLs are not legitimate, look strange, and should be avoided. For this reason, it is very important that users do not open links from strange emails and instead go directly to a company’s web site. If they do open links from emails, it is always important to analyze the URL of the landing page to make sure you are at a legitimate site.
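To make "analyze the URL of the landing page" concrete, here is an added example (not from Bleeping Computer or the original post) that checks where a link really points before an Apple ID is typed in. The trusted-domain list, the function name and every sample URL are assumptions constructed for illustration, using reserved `.example` names for the fake sites.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains a user expects for an Apple ID sign-in.
TRUSTED_DOMAINS = frozenset({"apple.com", "icloud.com"})


def check_landing_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reasons). ok is True only if nothing suspicious was found."""
    reasons = []
    parts = urlsplit(url.strip())
    # hostname is already lower-cased and excludes any user:pass@ prefix and port
    host = (parts.hostname or "").rstrip(".")

    # A padlock is necessary but not sufficient: phishing pages use HTTPS too.
    if parts.scheme != "https":
        reasons.append("not served over https")

    # Everything before '@' is login data, not the site: brand@real-host
    if parts.username or parts.password:
        reasons.append("text before '@' hides the real host")

    # Punycode labels can render as lookalike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in host")

    # The trusted domain must be the END of the host, on a label boundary.
    # 'apple.com.signin.example' and 'notapple.com' both fail this test.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        reasons.append(f"host {host!r} is not on a trusted domain")

    return (not reasons, reasons)


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://appleid.apple.com/sign-in",
        "https://appleid.apple.com.signin-verify.example/login",
        "https://appleid.apple.com@billing.example/unlock",
        "http://appleid.apple.com/",
    ]
    for s in samples:
        ok, why = check_landing_url(s)
        print("OK     " if ok else "SUSPECT", s, "; ".join(why))
```

Only the first sample passes: the second puts the brand name in a subdomain of someone else's domain, the third hides the real host after an `@`, and the fourth is the right host without encryption.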
As always, the key to staying safe is knowing what you’re up against. So pay attention to the details and stay vigilant.