The best tool for cyber criminals with limited social engineering skills is tricking users into phishing scams and it doesn’t matter if the users are on a Mac, Linux or Windows OS, and that’s what’s been going on in the scam we are about to discuss.
In this phishing campaign, Comodo researchers found out that cybercriminals are targeting users with authentic looking email from Apple informing them about the implementation of a limitation on their accounts due to security reasons. In order to get rid of this limitation, they have only 12 hours to log into a link provides by these criminals at the end of the fake email.
The email comes from a tricky address (firstname.lastname@example.org) which, of course, is fake but you have to give it to those criminals who are trying to convince people either they are from Apple or some app development company. If you want to verify your Apple ID just follow this official Apple link.
The email looks authentic:
Once the users open this email, they will find it authentic due to catchy graphics and well placed Apple logo and Apple Watch images but once they click on the link it redirects them to another website based in Brazil and hosted on HostGator’s servers.
Email From Address: email@example.com
Malicious URL inside email: https://srv80.prodns[dot]com.br/~good/my-account/en/
URL Domain: prodns[dot]com.br
IP Address: 126.96.36.199
After redirection, the page asks users to log in with their Apple ID and password, once entered, the page redirects them to another page in which a form asks them to put addition details including First name, last name, date of birth, Address, country, state, city and zip code.
This is not it, the email further asks the user to put their credit card details, the name of card holder, card number, expiration date, CVV code, short code, 3D/VBV and SSN.
We at HackRead have been updating our readers about the latest phishing scams. In the past, a payment refund email was found tricking Apple users into stealing money. In another sophisticated campaign cyber criminals compromised Vietnam government website and used it to target phishing attacks on Apple users.
It seems as if the Hostgator has removed the phishing domain from their servers and it’s not a threat anymore, but either way be careful and don’t fall for such scams.