APPLE customers are being warned of a clever new scam using fake website to steal personal information.
The phishing scam — an attempt to obtain sensitive information in an electronic communication — is using the company’s branding to try and trick customers to supply their details via a fake Apple login screen.
Discovered by web and email security service MailGuard, the scam sends victims an email saying their Apple ID has been locked and offers a link to make sure it will remain active — clicking takes them to fake login page.
“This fake Apple website is hosted at www.appleid.apple.com.appsupportmail.com and the design of the page is quite convincing,” explained MailGuard.
“An unwary person could easily be fooled by this fake site and enter their login ID and password, allowing the criminals behind this scam to hack into their account.”
MailGuard said the attack has the potential to affect a lot of people and could result in financial losses or significant harm to computer systems.
“MailGuard’s analysis of this cyber-attack reveals that the messages have been sent from the email domain ‘@applemail.email’ which is hosted with Google mail,” MailGuard explained.
“These emails can pass both SPF and DKIM authentication tests so they will probably be able to penetrate a lot of inboxes.”
If you find this email in your inbox, be sure to delete it immediately.
Apple is yet to comment on the issue, but its advice to “avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams” can be found here.
PROTECT YOURSELF FROM BRANDJACKING
As you might have guessed from the warning above, brandjacking is the unauthorised use of a company’s brand.
According to MailGuard, brandjacking emails are almost certainly being received in your inbox.
“Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing,” MailGuard explained.
“People are not machines; we are all capable of making bad judgment calls.”
Thankfully, there are ways to protect yourself.
If you are suspicious about an email, you should check the ‘sender’ info on email headers carefully to see if it looks official — you can always phone the organisation to check.
If you do click the link and are taken to a login page, take an extra moment to stop and consider what you’re handing over.