
    Today, I received an email from Apple telling me that there was a change in my account information. Seeing that I had already changed it a few weeks ago, I was rather curious to see what this email from “Apple” had to say. After opening the message, I was surprised to see an uncanny, almost identical resemblance to the legitimate email from Apple I got a few weeks back. See the side-by-side comparisons below:


    There are few modifications in the body text in the spammed message. Also, it was sent by do_not_reply@itunes.com via smtp.com, which means that Gmail detected that the email might have been sent using a third-party email service. Even more curious, I clicked the link in the email that supposedly signs in to your Apple ID. I found that it pointed to a site that tries to mirror the legitimate Apple site; the only glaring difference was that this one had advertisements at the bottom of the page.


    I sought help from one of our engineers and, as it turns out, the “Apple” site was indeed a phishing page hosted on a free hosting site. It tells users to input their Apple IDs and passwords, and the information is later sent to the phishers. This simple spammed message shows how easy it is to stage attacks nowadays: with minimum investment and considerable returns, phishers now have access to users’ App Store info, which includes users’ credit card information, home addresses, and phone numbers. You don’t even have to pay to host your server.

    Phishing attacks like this don’t need a lot of storage, as they only store the Apple credentials and are limited to Apple users. It may only be as simple as a spammed message, but the outcome isn’t any different from that of typical infostealing malware today, which needs to install itself on systems. Furthermore, with Apple’s market steadily growing, cybercriminals may now be more interested in these Apple accounts, and the stolen credentials may be sold underground to other crooks for a good price.

    Always be wary of the littlest details in your email that may strike you as suspicious. Check and double check embedded URLs, delete spammed messages, and never underestimate the endless possibilities of cybercrime.

    Big thanks to Roland Dela Paz for helping out with the analysis and additional insights.
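
    The two details this post checks by eye, the "via" relay on the sender line and the destination of the embedded link, can also be checked mechanically. The following is an added example, not code from the original post. It assumes that a Return-Path domain differing from the From domain approximates what the "via" label reflects; the sample message, the TRUSTED list and the link host are constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the message from the post; the link host is a placeholder.
SAMPLE = """\
From: Apple <do_not_reply@itunes.com>
Return-Path: <bounce@smtp.com>
Subject: Your Apple ID information has been updated
Content-Type: text/html; charset=utf-8

<p>To review your account information, sign in to
<a href="http://apple-id.free-host.example/signin">My Apple ID</a>.</p>
"""
# Assumption: the domains a reader expects this sender's mail and links to use.
TRUSTED = {"apple.com", "itunes.com"}

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def is_trusted(host):
    # Exact match or a true subdomain; "apple.com.evil.example" does not pass.
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        findings.append(f"sender mismatch: From={from_dom} Return-Path={rp_dom}")
    body = msg.get_body(preferencelist=("html",))
    collector = HrefCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not is_trusted(host):
            findings.append(f"untrusted link host: {host}")
    return findings
```

    A mismatch between From and Return-Path is only a prompt to look closer, since legitimate bulk mail is often relayed through third parties; the off-domain link host is the stronger signal.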









    • http://opalizer.blogspot.com Lisa@Walk Through Life

      Thank you for sharing this! I did receive this kind of email from Apple that made me wonder why? I did not create one. Also, I found 3-4 emails urgently asking me to clarify the account. I am glad I deleted it.

    • Pingback: Be on the lookout for Apple iTunes phishing email | Cyber Crimes Unit



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice