• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Apple News

App Store Phishing Email Stealing Apple User Credentials

March 16th, 2015 Waqas Apple News, Cyber Crime, Scams and Fraud, Security, Technology News 0 comments
App Store Phishing Email Stealing Apple User Credentials
Share on FacebookShare on Twitter

A PhishTank has been located where the Apple store users have been the victims of phishing emails.

OVH, very well-known web hosting platform based in Europe which says that it is responsible for running Apple Store Confirmation page. This page seems to be the place of the fraud.

So here is a detailed analysis with the assistance of Malwarebytes.

Apple users are receiving emails where attackers are pretending to notify users about their recent download from the App store, but in reality the email is fake and contains phishing link developed to steal their login credentials. 

MUST READ: iPhone, iPad theft Victims tricked into unlocking devices through iCloud Phishing Page

Below is the exact content sent by attacks in the fake App store email:
Apple Store Purchase Confirmation 
Thank you for purchasing the following items: Space Qube 
Order Number: MHDH6YM6KZ 
Receipt Date: Order total: GBP 22.99 
If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself. If you did not initiate this download, please cancel the transaction by filling the form below. 

See Apple ID: Tips for protecting the security of your account for further assistance.
Here is a full screenshot of phishing email sent to Apple users: 

 

app-store-phishing-email-stealing-apple-user-credentials

The email begins by saying thanks to the visitor who has supposedly purchased the game Space Qubec and then informs the visitor that the email is just an alert. The email is actually linked to the phishing page, but the email says that an alert is sent because of the user initiating the game. Spam recipients are more than likely to cancel this payment if they fail to get the game they wanted and do this by filling in their personal information as per the request.

MUST READ: Hacking YouTube Account Through Phishing Mails

However, the users should understand that companies like Apple will not request their personal information just to cancel the purchase. They would neither ask your mother’s maiden name.

A Google search was made putting the order number as a reference and it revealed that spam has been dropping to inboxes since February.

The users are redirected to a page which asks for their personal password for additional verification once they have given their information on the previous page.

After this, when the user clicks the submit button after putting in the details as requested, the user then sees a “Thank You” page again, which disappears in a little while and redirected to the Apple sign in page.

Examining the phishing URL more deeply revealed that the /.apple/ URL path is an open directory that consists of 100 copies of the phishing page.

The phishing sub-domain has been reported to the OVH’s abuse channel.

Apple users must be wary of such phishing email. Even if they receive suspicious emails, they should simply ignore put into the trash.

Follow @HackRead

  • Tags
  • App Store
  • Apple
  • Cyber Crime
  • hacking
  • Phishing
  • Scam
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Pay Ransom or Secret Data on South Korean Nuke Reactors Will Be Leaked: Hacker
Next article Man Fakes Suicide to See How Facebook Suicide Preventing Tool Works, Gets Detained
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

49
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

86
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

107

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us