14 DAY TRIAL // Spammers are currently running a campaign that attempts to dupe users of the iTunes software from Apple into divulging their credentials for the online account.
They try the same old trick where the body of the message informs of some sort of problem that can be solved by logging into the account. A link is provided, only it directs the potential victim to a phishing website.
Once the information is entered in the fields, all of it is automatically sent to the cybercriminals. MillerSmiles spotted the phishing email and analyzed a sample; they detected the spoof website to be located in Newark, New Jersey.
The message from the cybercriminals informs the potential victim that their online access has been blocked. The purported reason for this action is that the information became obsolete.
The truth is that Apple, or any other company, does not push this type of emails to their customers, and they are definitely not looking for reasons to suspend a customer’s account or delete it; losing customers is actually the last thing a company wants.
In case of inactivity, they would at most send a message reminding the user that a long period has passed without accessing their service.
Although this phishing sample is easy to detect because of the poorly constructed message and the grammar mistakes, others can be more successful. Apple provides useful hints on how these can be spotted.