14 DAY TRIAL // Internauts from France should be cautious in case they receive notifications that appear to come from Apple instructing them to verify their identity.
Phishing campaigns designed to trick Apple users into handing over their credentials are not uncommon. However, experts from MX Lab have spotted a new variant that’s particularly aimed at French-speaking users.
When users click on the links from these emails, they’re taken to a bogus Apple website where they’re asked to enter their username and password. Once that’s done, victims are taken to other pages where they’re asked to enter personal and financial information.
After the process is completed, the legitimate website of the Apple store in France is displayed, most likely to avoid raising too much suspicion. It goes without saying that it’s a bad idea to enter your personal and financial details on a website controlled by cybercriminals.
To avoid falling victim to such schemes, always make sure that you’re on a genuine Apple domain when logging in to your account. The domain name might be cleverly set up to confuse you, but scam sites rarely use HTTPS connections.
So, if the green padlock icon (which shows the presence of a HTTPS connection) is missing from the browser’s address bar, you should probably not hand over any data.
Here is the complete text (in French) of the bogus emails:
“Cher client d’Apple,
Pour revenir a votre compte Apple, vous devez confirmer votre compte. C’est facile: cliquez sur le lien ci-dessous pour ouvrir une fenetre de navigateur securiser. Confirmez que vous etes le titulaire du compte et suivez les instructions.
hxxps://appleid.apple.com/confirm/OynS-uAtTw6W61X3oKA3PQ
Avant de vous connecter a votre compte sera confirmee, nous le faire savoir tout de suite. Rapport, il est important car il nous permet d’empecher les fraudeurs de voler vos informations. Cordialement, apple.
Merci, L’equipe d’Apple”
