{"id":8609,"date":"2017-08-07T08:10:22","date_gmt":"2017-08-07T16:10:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/07\/news-2382\/"},"modified":"2017-08-07T08:10:22","modified_gmt":"2017-08-07T16:10:22","slug":"news-2382","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/07\/news-2382\/","title":{"rendered":"Apple phish: Summary report statement"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 07 Aug 2017 15:30:59 +0000<\/strong><\/p>\n

If the following message lands in your mailbox, you may wish to throw on your “This is highly suspicious” cap before proceeding further:<\/p>\n

\"fake<\/a><\/p>\n

 <\/p>\n

The email is titled<\/p>\n

RE: [ Summary Report ] Statement login and update account 08\/05\/2017<\/em><\/h2>\n

Note the old spammer trick of placing “RE:” at the start to make you think there’s some sort of correspondence taking place.<\/p>\n

Spoiler: there isn’t.<\/p>\n

The message reads as follows:<\/p>\n

\n

Apple ID<\/em>
Account Information Page<\/em><\/p>\n

We need your help resolving an issue with your account. Thus, we have temporarily lock your account.<\/em><\/p>\n

We understant it may be frustating not to have full access to your account.<\/em><\/p>\n

We want to work with you to get your account back to normal as quickly as possible.<\/em><\/p>\n

How can you help?<\/em><\/p>\n

It’s usually quite straight forward to take care of these things. Most of time, we just need some more information about your account.<\/em><\/p>\n

Please complete your account informations by clicking in the link below.<\/em><\/p>\n

Confirm My Account<\/em>
We will permanently lock your account if we don’t receive your verification within 24 hours.<\/em><\/p>\n

Regards,<\/em><\/p>\n

Apple Support<\/em><\/p>\n<\/blockquote>\n

The URL used is a Goo(dot)gl shortener (now deactivated), which was bouncing users to the final destination below located at<\/p>\n

online-appleidsupport-accountimportant(dot)net\/Login(dot)php?<\/p>\n

\"apple<\/a><\/p>\n

Entering an Apple ID and password results in the following (fake) message that the account has been locked:<\/p>\n

\"\"<\/a><\/p>\n

\n

We’ve noticed significant changes in your account activity. For your protection, we’ve disable [SIC] your account.<\/em><\/p>\n

Unlock account<\/em><\/p>\n<\/blockquote>\n

The next page asks for a lot of personal information, including: name, address, DOB, phone number, full card information, security question information, and even 3D secure<\/a> details.<\/p>\n

\"fake<\/a><\/p>\n

\"fake<\/a><\/p>\n

This is not something you want to hand your details over to. This site joins the ranks of phishing pages making use of HTTPs to appear more authentic – here’s the real Apple sign in page:<\/p>\n

\"the<\/a><\/p>\n

You’ll notice it mentions the company name. This is called an Extended Validation certificate<\/a>. The one being used on the phish page claims to be from a service offering free certs to those possessing a web domain.<\/p>\n

\"not<\/a><\/p>\n

A good example of why you shouldn’t just believe the site in front of you is legit, purely because there’s HTTPs going on in the background. Emails directing you to pages asking for payment info via embedded links should set off all the warning alarms – and this particular email and website combo should be forever banished to your “ignore forever” folder.<\/p>\n

Christopher Boyd<\/p>\n

The post Apple phish: Summary report statement<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 07 Aug 2017 15:30:59 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
We take a look at an Apple ID phish currently in circulation, and examine some of the tell-tale signs you may have this lurking in your mailbox.<\/p>\n

Categories: <\/p>\n