Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



'Apple Account Frozen' Phishing Scam

Outline
Email claiming to be from Apple advises that the recipient's Apple account has been frozen and will remain frozen until the recipient opens an attached file and validates account information.

Frozen Account

© Depositphotos.com/ a2bb5s



Brief Analysis
The email is not from Apple. It is a criminal ruse designed to phish Apple account details and financial information from unsuspecting users.

Bookmark and Share
Example

Subject: Urgent_Case

Dear Client,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

This will help protect you in the future. The process does not take more than 3 minutes.

To proceed to confirm your account information please follow the instructions that will be required.

Please downloaded the attachment and open it in your browser.

Yours sincerely,

Frozen Apple Acount


Detailed Analysis


According to this email, which purports to be from Apple, the user's Apple account has been frozen temporarily in order to protect it. The message warns that, unless the user opens an attached file to validate account information, the account will remain frozen.

However, the user's account has not been frozen. In fact, it's not even cold.  In reality, the email is the work of criminals intent on robbing the user of his or her personal and financial data.

If our hapless user gets taken in by the trick and opens the attached file as instructed, a bogus Apple account login page will appear in his or her browser. Once "logged in" via the bogus page, the user will be taken to a second bogus form that asks for identifying information and credit card details.

After clicking "verify" on the second fake form, the user will be transported to the genuine Apple website and may remain blissfully unaware - at least for a little while - that his or her information is now in the hands of fraudsters.

Armed with the stolen data, the criminals can commit credit card fraud and identity theft.  They can also hijack the user's real Apple account and use it for their own nefarious purposes.

Apple, or other legitimate companies, will never ask customers to provide personal and financial information via an unsecure HTML form contained in an email attachment. Scammers are more often using fake forms sent via email attachments rather than links to bogus websites in an apparent attempt to bypass browser phishing warnings.

Like other high-profile companies such as PayPal and Amazon, Apple is regularly targeted in phishing scams.

It is always best to access your online accounts by entering the account address into your browse's address bar rather than by clicking a link. And NEVER enter usernames, passwords, or other sensitive data via a form contained in an attached file.

Bookmark and Share

Last updated: September 13, 2013
First published: September 13, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Paypal 'Strange IP from a Different Location' Phishing Scam
Amazon 'Important Message From Security Center' Phishing Scam
'Confirm Your Apple Account' Phishing Scam
Phishing Scams - Anti-Phishing Information