Debunking email hoaxes and exposing Internet scams since 2003!


Issue 131 - May 2012 (2nd Edition) - Page 17

Apple Store Account Phishing Scam


Outline
Emails purporting to be from Apple claim that the recipient must follow a link to verify his or her Apple Store account and billing details or risk having the account deactivated.



Brief Analysis
The emails are not from Apple. The messages are phishing scams designed to steal login and credit card details.

Detailed analysis and references below example.





Last updated: 30th April 2012
First published: 28th October 2011
Article written by Brett M. Christensen


Example
(October, 2011)
Subject: Email Alert (Apple Store)

Dear Apple Customer,

Apple Technical Support just attempted to verify your online account information.
Unfortunately we are unable to verify it on our database today,
Take the following steps to ensure that your account has not been deactivated & Restore Your Account & Update your credit card Details:
by click on the [link removed] to restore your account within the next 48 Hours in Order to Continue using it .

Thank you.



Detailed Analysis
According to these emails, which claim to be from Apple, the recipient's Apple Store account information needs to be verified. The messages instruct the user to follow an included link to verify the account and avoid account deactivation.

However, the emails are certainly not from Apple. In fact, the messages are phishing scams designed to trick recipients into divulging their personal and financial information to Internet criminals. Those who follow the links in the scam messages will be taken to a bogus website designed to look like a genuine Apple Store page where they are asked to "login" as shown in the following screenshot:
[Screenshot: Bogus Apple Store Login]

Once they have "logged in" on the bogus site, users are then presented with the following "verification" form which requests address details, credit card information and even their email address and password.
[Screenshot: Bogus Apple verification form]

If a victim fills in the form as requested, all the information provided can be collected by the criminals operating the scam. Armed with this stolen information, the scammers can then log in to their victim's real Apple account and treat it as their own, as well as conduct fraudulent credit card transactions. They can also hijack their victim's email account and use it to perpetrate further scam and spam attacks. The criminals may also be able to collate enough personal information from the bogus verification form and from the hijacked accounts to enable them to steal their victim's identity.

Both the scam emails and the bogus website are disguised so that they seem to be genuine. The message uses HTML to make the link to the scam website appear to be legitimate. The formatting, colour scheme and navigation used on the scam website mirror those used on the real Apple website. And, in a further attempt to create an illusion of legitimacy, secondary links on the scam site point to genuine Apple web pages.

The examples shown here are just two in a long line of phishing scams that have targeted Apple users. Phishing scams of this nature are very common. Users should be very wary of unsolicited emails that ask them to provide personal or financial information by following a link or by opening an attached file. If you receive such an email, do not click on any links or open any attachments that it may contain.

References
Apple Customers, Beware of This Email Scam
Check Links in HTML Emails
Apple $100 Discount Card Phishing Scam
Phishing Scams - Anti-Phishing Information
