Clever Apple Scam Alleges Fake Purchase, Steals Information

An advanced, widespread phishing campaign aims to steal Apple account credentials and other sensitive information through an email alleging a purchase was made from the Apple App Store. Users are receiving these emails with a PDF receipt attached that contains malicious, shortened links where one can supposedly dispute the purchase. Clicking on the links, however, brings users to a malicious site identical to the Apple login page. The only noticeable difference is a suspicious-looking URL. If user credentials are entered, a notice appears stating the account has been locked for security reasons and asks that more personal information be provided to confirm the user’s identity. This page asks for a full name, address, telephone number, social security number, date of birth, payment information, security question answers, and driver's license or passport number. If completed, the site states your verification is confirmed and redirects you to the legitimate Apple website, which displays a message saying your session has timed out for security reasons, corroborating the scam’s story. To protect yourself against this and similar scams, the NJCCIC recommends never clicking on links or opening attachments delivered with unexpected or unsolicited emails, and accessing account login pages by manually typing the company’s URL into your browser. More information on this campaign can be found via BleepingComputer’s post.
