While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest.
We saw samples of spammed messages that attempted to spoof an Apple Store email notification. The said message informs recipients that they won the latest iPhone 5S mobile phones and iPad.
Figure 1. Fake Apple email
To get these prizes, they are asked to go to a specific website and disclose their email address and password. This will obviously result in your credentials ending up in the hands of cybercriminals.
Figure 2. Phishing page
The content of the message and the sender’s email address are obviously fake. However, its combination of perfect timing plus popular social engineering hook may cause users to fall into the spammers trap. The most important thing to know is: “if it’s too good to be true, it probably is” .
Feedback provided by the Smart Protection Network indicates that this mail is particularly effective in targeting Southeast Asian users:
Figure 3. Most affected countries
Trend Micro blocks the said email message and blocks access to the phishing site.