Debunking email hoaxes and exposing Internet scams since 2003!


Issue 121 - December 2011 - Page 30

Apple Store Account Phishing Scam


Outline
Email purporting to be from Apple claims that the recipient must follow a link to verify his or her Apple Store account details within 48 hours or risk having the account deactivated.



Brief Analysis
The email is not from Apple. The message is a scam designed to steal login and credit card details.

Detailed analysis and references below example.



Last updated: 28th October 2011
First published: 28th October 2011
Article written by Brett M. Christensen


Example
Subject: Email Alert (Apple Store)

Dear Apple Customer,

Apple Technical Support just attempted to verify your online account information.
Unfortunately we are unable to verify it on our database today,
Take the following steps to ensure that your account has not been deactivated & Restore Your Account & Update your credit card Details:
by click on the [link removed] to restore your account within the next 48 Hours in Order to Continue using it .

Thank you.



Detailed Analysis
According to this email, which claims to be from Apple, the recipient's Apple Store account information could not be verified. The message instructs the user to follow an included link within 48 hours to verify the account and avoid account deactivation.

However, the email is certainly not from Apple. In fact, the message is a phishing scam designed to trick recipients into divulging their personal and financial information to Internet criminals. Those who follow the link will be taken to a bogus website designed to look like a genuine Apple Store page where they are asked to "login" as shown in the following screenshot:
[Screenshot: Bogus Apple Store Login]

Once they have "logged in" on the bogus site, users are then presented with the following "verification" form which requests address details, credit card information and even their email address and password.
[Screenshot: Bogus Apple verification form]

If a victim fills in the form as requested, all the information provided can be collected by the criminals operating the scam. Armed with this stolen information, the scammers can then log in to their victim's real Apple account and treat it as their own, as well as conduct fraudulent credit card transactions. They can also hijack their victim's email account and use it to perpetrate further scam and spam attacks. The criminals may also be able to collate enough personal information from the bogus verification form and from the hijacked accounts to enable them to steal their victim's identity.

Both the scam email and the bogus website are disguised so that they seem to be genuine. The message uses HTML to make the link to the scam website appear to be legitimate. The formatting, colour scheme and navigation used on the scam website mirror those used on the real Apple website. And, in a further attempt to create an illusion of legitimacy, secondary links on the scam site point to genuine Apple web pages.

Phishing scams of this nature are very common. Users should be very wary of unsolicited emails that ask them to provide personal or financial information by following a link or by opening an attached file. If you receive such an email, do not click on any links or open any attachments that it may contain.


References
Phishing Scams - Anti-Phishing Information


