New phishing scam purporting to be Apple email is reportedly on the loose

Apr 29, 2014 13:24 GMT  ·  By

Managed email security provider MX Lab has happened upon one of the most convincing email scams purporting to be a memo from Apple with a burning request to validate your account information. The people behind the scam will steal your Apple ID account and credit card information.

MX Lab claims to have started to intercept these phishing emails earlier today. The subject of the message states, “Validate Your Account Information” and the message body includes a memo that looks and sounds exactly like a legitimate email from Apple’s Support department (screenshot above).

Despite its seemingly legitimate nature, the memo “will try to steal your Apple ID account information including your credit card details,” according to MX Lab.

The phishing email says, “We need to ask you to complete a short and brief step to securing and validating your account information,” adding that “Failure to complete our validation process will result in a suspension of your Apple ID.”

That’s not something Apple would normally do, but unwary users would undoubtedly be alarmed by this fake warning.

“We take every step needed to automatically validate our users, unfortunately in your case we were unable to,” the email continues. “The process only takes a couple of minutes and will make sure there is no interruption to your account.”

The so-called “Apple Customer Service” team even goes to the trouble of explaining to the customer why he/she received the memo.

“This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted. For more information, see our FAQ.”

According to the security firm, clicking the links supplied in the message will lead to a malicious host at hxxp://31.204.130.145/~apple/secure/SenH37d3lPuNqeIc561gswPd6d4RN/, where the unknowing user will be presented with a form to enter their Apple credentials, along with their credit card information.

Needless to point out, cyber-criminals don’t need your card’s PIN number to wreak havoc, as the iTunes Store only requires your Apple ID and password, along with the billing information you’ve supplied.

Again, the email in question will look extremely convincing to the untrained eye. It even uses iconic paper graphics employed by Apple in various listings on its web site, complete with a near-perfect signature, proper spacing in the text body, etc.

Beware of any emails that force you to hand over your personal information using “or else” as a method of convincing you to take action.