Fake App Store Receipts Are Tricking People Into Providing All Their Personal Details
A fascinating new phishing attempt is making the rounds disguising itself as a receipt from the App Store, tricking unsuspecting users into coughing up all of their personal details. Here’s what you need to know and how to stay safe.
Uninformed users click the link, of course, expecting to dispute the fraudulent charge. They’re then presented with a convincing-looking page with a less-convincing URL asking them to log in with their Apple ID. It’s also worth noting that this is a secure website, which gives users an even bigger reason to assume it’s legit. But just because a site is secure doesn’t mean it’s safe.
But this is also where things get really interesting—after submitting the form, it states that the account is automatically logged out then redirects to a legitimate Apple page. Users log in, assuming that all is right with the world again when that couldn’t be further from the truth—the attacker just got everything they wanted. All your information put together in a nice little form. Yuck.
As stated previously, the weakness of this campaign is its use of very suspicious URLs. An observant person will easily see that the URLs are not legitimate, look strange, and should be avoided. For this reason, it is very important that users do not open links from strange emails and instead go directly to a company’s web site. If they do open links from emails, it is always important to analyze the URL of the landing page to make sure they are at a legitimate site.
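To make "analyze the URL of the landing page" concrete, here is an added example (not from the original article) that checks which host a link really points to and shows why a secure connection alone proves nothing. The allowlist, the function name `classifyLink`, and all sample URLs are constructed for illustration.

```javascript
// Added example. The allowlist and every sample URL below are constructed.
const TRUSTED_DOMAINS = ["apple.com"]; // assumption: the only domain accepted for Apple ID

function classifyLink(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: resolves the host the way a browser does
  } catch {
    return { verdict: "reject", reason: "not an absolute URL", host: null, notes: [] };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  const notes = [];
  if (url.username || url.password) {
    notes.push("text before '@' is userinfo, not the site");
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    notes.push("punycode label: possible lookalike characters");
  }
  // HTTPS is required, but it only protects the connection. It says nothing
  // about who runs the site, so it is never enough for a trusted verdict.
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "not HTTPS", host, notes };
  }
  // Match on a label boundary: the exact domain, or a subdomain ending in ".domain".
  const ok = trusted.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { verdict: "trusted-domain", reason: "host is under an allowlisted domain", host, notes }
    : { verdict: "reject", reason: "host is not under an allowlisted domain", host, notes };
}

// Constructed samples: one real-looking sign-in host and common lookalike shapes.
const samples = [
  "https://appleid.apple.com/sign-in",
  "https://appleid.apple.com.account-verify.example/login", // trusted name used as a subdomain
  "https://apple.com@phish.example/",                       // trusted name placed in userinfo
  "https://secure-apple.com/",                              // hyphenated lookalike domain
  "https://\u0430pple.com/",                                // Cyrillic "a" in place of Latin "a"
  "http://apple.com/",                                      // right host, no TLS
];
for (const s of samples) {
  const r = classifyLink(s);
  console.log(r.verdict.padEnd(15), String(r.host).padEnd(45), r.reason, r.notes.join("; "));
}
```

Every rejected sample except the last one is an `https:` URL, which is the article's point that a secure site is not necessarily a safe one.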