A recent report published by Malwarebytes has revealed that a new email scam campaign has been identified which tries to con users to trick users into sharing the credit card numbers that they use for iTunes.
This email scam involves contacting iTunes subscribers to offer them a refund for a purchases that was completed using their iTunes account, stating they have been impacted by an email scam already. If users decide that they will try and process a refund, they will be asked to provide their Apple ID, password, and credit card details so the refund can be completed.
iTunes subscribers have been sent emails advising them that their account has been hacked and used to purchase an app valued at £34.99 ($53), with the emails containing a fake receipt for the purchase. The app is question is provided by CoPilot Premium HD, which claims to be a navigation service. The receipt includes a link that the recipient of the email must click in order for their refund to be issued, if the purchase is not authentic.
This app does not exist. Any steps that iTunes users take to try and stave off this supposed fraud will. sadly, lead to them genuinely being hacked.
There have been a number of similar only email phishing scam targeting Apple users in recent weeks. Another email spam campaign tried to get subscribers to click a link to update their credit/debit card, which users have been told is about to expire. Users have been asked to click a link and enter their new card details, including the CSC code on the back of their card, as well as the new expiry details.
The email, as is common in campaigns like this, is sent with a threat of account suspension if they do not agree. In this instance, users have a short period of time to respond. The email link is said to expire in 60 minutes, minimizing the time for users to verify if the email is in fact authentic.
They are given a link to store.apple.com which is seemingly authentic; however, hovering over the link will show that the link directs them to a different destination.
There are other common revealing signs that the email is a fraudulent, even though the correspondence does include seemingly genuine Apple imagery and seems to have been sent from Apple’s customer service department. One of the most revealing things is the volume of spelling errors included in the email. Any email issued by Apple is likely to have at least been run through a spell check before being used as a template for millions of Apple device owners. A sure sign that the email is not authentic.
The email includes spelling and grammatical mistakes such as informing the recipient that the link will “expire one hours after the email was sent.” iPhone “ore” iPads is another, and feature is spelt “feauter.”
Apple users must carefully read any email issued from Apple, and to attempt to verify any request to provide ID numbers or financial details.