Kaspersky warns that a new Apple phishing scam has been making the rounds since January. In this case, the cybercriminals are targeting Europeans.
The scammers try to trick victims into thinking that they can purchase a €150 discount card by paying only €9 for it. In reality, the cybercrooks want to convince unsuspecting users to hand over their personal and financial data.
The fake emails appear to come from firstname.lastname@example.org and they carry the subject line “Apple is rewarding its long-term customers.”
The Apple phishing messages read something like this:
“Apple is rewarding its long-term customers. Your loyalty for our products made you eligible for buying and Apple Discount Card. With this only 9 EURO Discount Card you will have 150 EURO credit at any European Apple Store on http://www.apple.com.
“To acquire your Apple Discount Card please please download and complete the attached form. You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.”
The links from these emails point to Apple’s official website. However, the file that’s attached to the messages is actually a phishing page that instructs users to enter their name, address, bank account number, credit card number, its expiry date, security code and the Verified by Visa or MasterCard SecureCode password.
The fact that they’re attaching the phishing page directly to the emails instead of placing it on newly-registered or compromised websites has some advantages. Phishing websites are usually removed after a fairly short amount of time, which means that the cybercriminals have to constantly update their attack.
This way, they only have to own a server to which the stolen information is transmitted.
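As an added example (not part of the original article or Kaspersky's tooling), a mail filter can look for exactly this pattern: an HTML attachment whose form posts payment-related fields to a remote server. The field-name patterns, the function names and the sample host below are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed field-name hints for the data the article says the form requests.
SENSITIVE = re.compile(r"card|cvv|cvc|expir|secure ?code|password|account", re.I)

class FormScanner(HTMLParser):
    """Collects each <form>'s action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append(a.get("name") or a.get("id") or "")

def scan_message(msg):
    """Flag HTML attachments whose forms send sensitive fields to a remote host."""
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        if not is_html and not name.lower().endswith((".htm", ".html")):
            continue
        raw = part.get_payload(decode=True) or b""
        scanner = FormScanner()
        scanner.feed(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        for form in scanner.forms:
            host = urlparse(form["action"]).hostname  # None for relative actions
            hits = [f for f in form["fields"] if SENSITIVE.search(f)]
            if host and hits:
                findings.append({"attachment": name, "post_host": host, "fields": hits})
    return findings

def build_sample():
    """Constructed sample message; the collector host is a placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Apple is rewarding its long-term customers"
    msg.set_content("Please download and complete the attached form.")
    html = ('<form action="https://collector.example.invalid/save" method="post">'
            '<input name="fullname"><input name="card_number">'
            '<input name="expiry"><input name="cvv"></form>')
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename="form.html")
    return msg
```

The host reported in `post_host` is the one piece of infrastructure this kind of attack still depends on, so it is the value worth blocking and reporting.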
If you come across such emails, ignore them. They have nothing to do with Apple and there’s no way you’ll get the promised discount card.
In this particular case, the fake Apple email is fairly well designed – it contains the Apple logo and it doesn’t contain too many typos. However, if you take a close look at it, you can see that there are some mistakes.
For instance, the scammers wrote “please please download and complete the attached form.”
In addition to such mistakes, you can tell that the email is fake because of the attachment. Legitimate notifications from Apple don’t contain any attachments and all the links point to the genuine Apple website.
If you’re a victim of such a scam, contact your bank and tell them about the incident.