I remember when my Apple-fanatic friends would laugh every time I fought off some new malware trying to invade my Windows operating system. Those were the days when Apple devices were relatively malware free and relatively unknown. But how things have changed. Apple’s attempt at making its products status symbols has come with a price, which is that hackers now see them as prime targets. The graphic below, from Symantec, shows the increased interest in hacking iOS-enabled devices. While the number of Android attacks have stayed relatively flat since 2016, attacks on iOS have more than tripled.
Hackers are after two things; information and money. If iPhone users have more money to buy their phones, they probably have more money to steal. If status is a key factor in owning an iPhone, then these are people more likely to be in positions of power and more likely to be connected to corporate and governmental networks. Thus, hacking iPhone users is more likely to give hackers access to such networks and the information they may be looking for.
So, it was but a matter of time before a sophisticated phishing scam was specifically developed to target Apple product users. And it’s not only one scam. There are multiple scams now circulating, and they are all quite convincingly engineered to fool their potential victims. In fact, so many Apple-product users have fallen victim to these scams that Apple had to issue a special warning.
Although somewhat different on the surface, all of these scams follow a similar pattern.
The Fake Apple Store Receipt Scam
You’d presumably have to be an Apple Store customer to fall for this scam because it relies on the victim getting a receipt for something they never purchased. Here is a copy of that fake receipt.
Naturally, the victim would be upset to find that they would have to pay for something they never ordered. If they suspect the receipt is actually from Apple, they will click one of the links provided to remedy the situation such as the link entitled, “Apple Store Cancelation Form”.
Hovering the cursor over the link would reveal that it was not valid, but, for those not paying much attention, the bad link would include the word, Apple, which may fool some into clicking on it.
Assuming you do get fooled into clicking on one of those links, you will be sent to a fake Apple Store login page, such as the one below. (I added the information in red.)
Interestingly, no matter what you put in the ID and Password fields, the site will ‘log you in’. This means you will be sent to an information page so that you can enter your personal information. Here is a copy of that fake page.
If you’ve been fooled thus far, it is here that you will enter the information that could ruin your life. Again, the scammers have made an effort to make this look like a legitimate information page.
The Subscription Confirmation Scam
A couple of the variations on this technique should be noted. One that is fooling many is the ‘YouTube Red’ subscription confirmation scam. In this scam, the victim gets the following email supposedly confirming a subscription the victim has recently made.
Again, the scammers are hoping you will want to cancel this subscription and will click the provided link. The results will be the same as the receipt scam outlined above.
This scam will work best with App Store customers who’ve already received such emails because it looks legitimate. A legitimate email is shown below. Notice, however that there are subtle differences, such as no 4 digits of your credit card are given in the fake email.
Update Billing Scam
Here is yet another scam that has met with more success than it should. This comes in the form of an email from Apple Customer Support, but others have noted a similar scam coming from iCloud or iTunes. Here is the basic email.
Although the link appears real on the surface, hovering over it will show you otherwise. You will be sent to a fake sign-in page like all the other scams.
The success of these recent scams will encourage criminals to develop more of them. Each scam will be more convincing than the last. Many Apple users will become victims, not only through phishing emails but through text messaging. At this stage, it appears as if the criminals are only after money. Some may be selling the information they get on deep web sites. Others may be buying merchandise and reselling it. At some point, these scams may be deployed to enter enterprise networks, so IT departments need to be aware of this. The days of feeling safe as a user of Apple products has now passed.