When it comes to phishing scams, the common assumption is that cyber criminals only send a link to trick users into logging in with their social media or email credentials. But that is an old-school trick, and malicious threat actors are now aiming at much more than your Facebook or Gmail password.
Recently, we discovered a sophisticated phishing campaign targeting Apple users. The aim of this attack is to steal their Apple ID, credit card data, and a government-issued ID card and/or passport. That’s not all: the scam also asks users to give it access to their device's webcam so it can take their picture for "verification purposes."
It all starts with users receiving an email in which the sender poses as an official from Apple Inc. The email alerts the user that their iCloud account is on hold because of unusual sign-in activity through an unknown browser, and says that if they didn’t log in from the device mentioned in the email, they need to click on a link to change the password.
Here’s what the email claims:
- “Your Apple ID (#e-mail#) was used to sign in to iCloud via a web browser. Date and Time: 30/04/2017 Browser: Google Chrome Operating System: Windows 8 Address IP: 126.96.36.199 If the information above looks familiar, you can disregard this email. If you have not signed in to iCloud recently and believe someone may have accessed your account, go to My Apple ID and change your password as soon as possible. Click Here.”
Here’s a full preview of the email:
Those who understand how phishing scams work will know to ignore it, but unsuspecting users may fall for it, click the link, and give away their personal and financial information. Upon clicking the link, users are taken to the phishing page, which looks exactly like the official Apple ID login page. They are then asked to enter their Apple ID and password to proceed.
Here’s the screenshot of the fake Apple ID page:
Once the users are logged in, they are taken to another page which asks for their credit card details, including cardholder name, card number, expiration date, CVV code and 3D Secure password. After entering this information, the users are asked to click the "next" tab. Remember, by now the scammers already have your Apple ID login credentials and credit card information.
Here’s what the fake page looks like:
Because criminals will remain criminals, the more you feed them the more they will ask for. Once the “next” tab is clicked, users are invited to enter their personal information, including full name, date of birth, country, state, city, address, ZIP code and phone number. This information can then be used for further scams such as identity theft and social engineering fraud.
Here’s what the page looks like:
Once your personal information is handed over to the criminals, the page asks users to click the “finish” tab, but they aren’t done yet. Upon clicking the "finish" tab, users are taken to another page asking them to upload their passport, a government-issued identity card or a driver's license (both sides). Here’s how the page looks:
The users can click skip to avoid uploading their government-issued documents, but then they need to allow the website to access their device’s camera and microphone so it can take a picture of them. The users can also click the “Skip” tab, and the page will redirect them to the official Apple ID website.
The good news is that Google Chrome has already detected the scam and marked the phishing domain as “Deceptive.” The bad news is that Firefox, Opera, and Safari didn’t show any warning messages to their users, so if you are using one of these browsers, be vigilant.
This phishing scam can be labeled a highly sophisticated one, since the cybercriminals are not just after your credentials but are also looking to steal your identity, which could be used in large-scale identity fraud or even terrorism. If you are interested in knowing more about ongoing phishing scams, we advise following this link. Stay safe online.