Apple Store billing phishing - beware bogus emails!

Filed Under: Apple, Phishing, Spam

ApplePhishing isn't just about stealing your banking details, your PayPal password or even your Facebook login credentials.

These days it could be your Apple account that is being targeted too.

With more and more people having Apple IDs (used by millions for purchasing software from the Mac or iPhone App stores, or downloading music and movies from iTunes) it's inevitable that criminals will show an interest in stealing your credentials.

On the surface, the following email might appear to come legitimately from Apple.

Phishing email

Dear Customer,

It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

Click on the reference link below and enter your login information on the following page to confirm your Billing Information records...

Click on [LINK] to confirm your Billing Information records.

Thanks,
Apple Customer Support

Take a closer look at the email, however, and if you hover your mouse over the link you will see that the email is attempting to take you to a German website, rather than the legitimate Apple Store.

A closer look at phishing email

In this particular case, the webpage you are taken to is now suspended - but future messages could easily take you to a fake Apple Store login page.

The emails appear to be being spammed out widely, and not just to Apple Store users. The cybercriminals are taking a shotgun approach, hoping that a good proportion of recipients have Apple IDs and might be fooled into handing over their details.

Always take care over unsolicited emails, and be cautious of the links you click on. Sophos products are blocking the above message as spam.

, , ,

You might like

3 Responses to Apple Store billing phishing - beware bogus emails!

  1. julie · 1004 days ago

    i got a gmail telling me i havent used my itunes account an i still had money on the account. now i knew something wasnt right because i had just made some purcheses a few days before i got that mail. i just ignored it then when i went to make more purcheses, i changed my username and passcode.
    i have been useing itunes for years and never got anything like that before.

  2. Bruce · 1002 days ago

    I have received some odd emails that look like legitimate emails from Apple, telling me that I have unused credits in my iTunes account. These are very well-crafted, complete with the Apple logo and style. But, the punctuation and grammar is typically off. I just delete them. As far as I know, Apple does not send out any such reminders.

    Just no end to these hackers.

  3. tina · 901 days ago

    i just got one that also have about 50 other email address's along with it, ( sign #1 they would not put a mass email where you would see others email address's) stating that they received my order and my card would be charged close to $5,000 i better be getting a few mac books all loaded for that price

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.