Bait is poorly constructed; even less than keen eyes can see through it

Mar 26, 2015 12:56 GMT

Cybercriminals are testing the vigilance of Apple device users with a phishing email that asks for payment card data and Apple ID credentials, motivating the request with security reasons.

The fraudulent email message does not address the recipient by name, which should raise the alarm from the get-go. It dives straight into the issue, claiming that the billing information needs to be verified for undisclosed security purposes.

Scammers ask for all card data required for online purchases

A link to a “reset page” is offered, which the fraudsters say is set to expire after three hours. This rushes users into carrying out the action, lest their Apple account remain subject to some, again undisclosed, limitations.

The bogus alert was captured by antivirus vendor Bitdefender, which analyzed the entire scam and discovered that following the “reset” link takes the recipient to a log-in screen that has nothing to do with Apple.

The information fields available are designed to harvest not only the Apple ID credentials but also payment card details such as full name, date of birth, country of residence, address, ZIP code, card number and type, its expiration date, CVV (card verification value) and the 3D Secure password.

The card data alone is enough for fraudsters to make online purchases in the name of the victim. The 3D Secure password belongs to an additional security service offered by some banks, which has also been implemented by some online retailers to prevent fraud.

Users' worries soothed by bogus info on 2FA being enabled

Bitdefender says that after all the details have been entered, the bogus page informs the victim that the two-factor authentication (2FA) security mechanism has been enabled for their Apple account.

To make the phishing message look more credible, the scammers let the potential victim know that if they believe the profile has been accessed without authorization, they can change the password at another link provided.

This second URL may also lead to a scammy page, but the researchers have not provided any details about the consequences stemming from visiting it.

Fraudulent email is easy to spot as a scam