Watch out iPhone users, as there's a new scam around looking to steal your Apple ID credentials. Cleverly diguised as official emails from reputable sources, there are 2 fake emails doing the rounds that aim to snare you into a trap so that you'll hand over your login details.
The scam begins with an email – shown below – that appears to have come from Spotify. But in reality, the email is a bogus phishing scam that's posing as a real email. It says that you've purchased a year's worth of Spotify's Premium subscription model for $150.99 or £115. There's also a hyperlink inside the email, disguised under the text 'review your subscription'. When clicked, this URL would take you to what appears to be a genuine Apple website.
This fake website is designed in such a way as to encourage you to enter your personal Apple ID login details. However, rather than being a genuine login portal, it is a webform that submits your credentials to the hackers that own the page. By giving the hackers this information, you're potentially giving them access to a number of services, including your backed up videos and pictures, your personal identifying information, such as your name and address, and your stored Apple Pay details. This could allow the hackers to make purchased in your name using your Apple Pay software.
The scam was first shown on the Reddit website, where a user said:
"I saw this email today, I thought the sender looked fishy, so I went in to see if I had bought a year of Spotify Premium. I was drinking last night so I had a slight panic and clicked the link. But when I saw the Apple page with a random address, I immediately knew it was a scam."
Below is a picture of the dodgy website. As you can see, the URL for the website address is suspicious and clearly doesn't belong to the Apple corporation.
Although the original email claiming to be from Spotify and false Apple page appear to be reasonably genuine, there are some clear indicators that show them to be impersonators. For starters, the original email pertains to Spotify, so there would be no reason for it to redirect to Apple, nor for you to log into your Apple account. Secondly, there is no HTTPS security encryption on the supposed Apple website, which legitimate companies of their size use.
As always, you should remain vigilant about the emails that enter your inbox. It's good practice not to follow email links and log into your personal accounts via them. If you need to check anything regarding a subscripton or account that you own, you should type the true URL directly into your web browser, or go via a trusted search engine such as Google. If you need any other hints or tips regarding your online security, or just want to know how you can improve it, then you can get in touch with WiseGuys for personalised advice on 0808 123 2820.
Recent Comments