Irish iTunes users also victims of phishing

ESET Ireland is warning Apple users to be particularly careful about the emails they receive.

Apple users are often known for their confidence when it comes to online threats, believing their platform keeps them safe. But that confidence can work against them when it comes to social engineering, particularly phishing: they tend to trust “official”-looking websites more, and cybercriminals know this and abuse it to the maximum.

A very realistic-looking phishing email is being received by Irish users. It uses the usual Apple visual cues and leads to a fake iTunes Connect login site (its address is associated with malware distribution by several antivirus vendors), which harvests users’ login details. The site still lets you in if you enter any made-up nonsense, though.

Once “logged in”, the page asks you to “confirm” many of your personal details, including your credit card number and security code, as well as your Social Security number if you happen to be American, your password and sort code.

Even though Apple would never ask its users for any of this information via email, and warns against exactly this kind of phishing on its support website, many users are still convinced by the look and feel of the site.

Anyone who has entered their login details has handed them over to the cybercriminals and should therefore change them immediately. Anyone who supplied additional information, such as credit card details, should cancel the card and take all other steps to limit the potential damage of having revealed their sensitive information.

Here is some useful advice from Apple’s website:

“As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email.

  • Find out who the email is really from
  • Be cautious of links in the email
  • Check that the website you’re accessing is legitimate
  • Note the email greeting
  • The message arrived at a different email address than the one you gave the sender
  • Keep previous history in mind
  • Never provide personal account information through email
  • Be cautious of attachments
  • What to do with suspicious iCloud emails

If you receive a suspicious email, select the message text so that it is highlighted. Choose Forward as Attachment from the Message menu (OS X Mail) or the Actions menu (Outlook). Send the email to abuse@icloud.com. This provides Apple’s legal department and law enforcement with useful information to help prevent future phishing emails.”

For more info, see Apple’s advice on identifying email fraud.

