Warning: Use of undefined constant ‘upload_mimes’ - assumed '‘upload_mimes’' (this will throw an Error in a future version of PHP) in /hermes/walnacweb03/walnacweb03af/b64/pow.netactivity/htdocs/backup2019/wp-content/themes/host_hub/functions.php on line 440 Warning: Use of undefined constant ‘enable_extended_upload’ - assumed '‘enable_extended_upload’' (this will throw an Error in a future version of PHP) in /hermes/walnacweb03/walnacweb03af/b64/pow.netactivity/htdocs/backup2019/wp-content/themes/host_hub/functions.php on line 440 Beware: There's A New Phishing Attacks That Looks Like Emails from Apple - Netactivity
Loader
Net Activity Car
Microsoft Partner
info@netactivity.us 888-545-5346

Beware: There’s A New Phishing Attacks That Looks Like Emails from Apple

There’s a new, widespread phishing campaign underway that you need to be aware of if you use the Apple App store at all.  At this time, no one knows who’s behind the campaign, but already, a surprising number of people have been taken in by it.

The campaign works like this:

You’ll receive an email that appears to be from Apple confirming your recent purchase of a $30 app.  The email contains a PDF that the sender claims is your receipt.  This is a lie, and once you click on the PDF to see what you supposedly spent money on, they have you.

Clicking on the PDF reveals what appears to be a receipt from Apple.  At the bottom of the PDF, there’s a helpful link with a note that informs users that if they did not authorize this transaction, they can click the link to get a full refund. Clicking on the link brings the user to an exact replica of the Apple Account management portal.

If the user enters their login credentials, they’ll get a message that their account has been locked for security reasons, and informed that they must unlock their account before signing in.  In the user’s mind, this underscores the notion that their account has been compromised, which will prompt them to try and remedy the situation by unlocking their account and changing their password. Unfortunately, this is exactly what the scammers are hoping for.

When a user clicks the “Unlock Account” button they’ll be asked to verify their account information, including their full name, their address, telephone number, social security number, date of birth, payment information, driver’s license and/or passport number, and security questions.

Once they give all this to the scammers, the user will be redirected to the actual Apple account management page. The brilliant (and disturbing) part of this elaborate scheme is that they do so in a way that causes the Apple page to load with a message stating “this session has timed out for your security,” which reinforces the story the user has been given to this point.

You log on normally and see no sign of the previously mentioned charge, so you assume all is well, and it is – except for the fact that you’ve inadvertently handed the scammers everything they need to steal your identity.

If you use the Apple App store even occasionally, be on the lookout for emails like this.  It could cost you more than you realize.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top