A new wave of phishing attempts targeted at Apple customers comes in the form of subscription renewal email and has seemingly become widespread. While this isn’t a new type of phishing attempt, it seems to have picked up quite a bit of momentum in recent weeks. Essentially, the email poses as an official message from the App Store containing information about a new subscription agreement. Eyal Benishti, CEO and Founder at IRONSCALES commented below.
Eyal Benishti, CEO and Founder at IRONSCALES:
“This is not the first time the Apple brand has been spoofed and I’d wager it won’t be the last. This latest campaign warns the user of an extremely expensive subscription service once the free trial period ends, feeding on users’ fears that ignoring the message could prove costly. Criminals continuously look for ways to impersonate popular brands and apps, in an attempt to lull potential victims into a false sense of security, and consequently get their hands on individuals’ financial information.
“As is the case in any phishing incident, vigilance is key. Never hand over any official information, and if you are even slightly suspicious, contact either the ‘Sender’ (in this case Apple), or if at work, the IT Security Team. Scams like this are often spotted relatively quickly, so keeping an eye on social media, news sites and even doing a quick Google search, could prevent you, and your organisation, from becoming the latest victim.
“While the link in this particular campaign transfers the user to a website designed to trick them into giving up their log-in details, it could just as easily redirect to a malware laden site which could infect the users’ device. With some users potentially using a work email address when signing up for services, such as iTunes, phishing messages can quickly pose a problem for organisations too.
“For organisations, it is imperative they help their employees identify well-crafted impersonation techniques, in order to avoid a potential cybersecurity incident that could prove crippling. This means employing mailbox level detection that tracks user behaviour analysis to build a picture of what is deemed normal behaviour so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem providing an augmented email experience (InMail alerts) and mechanism (report button) to help employees better spot and easily report something amiss in a message ultimately helps protect the enterprise.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.