The concept of a fake notification is nothing new, but a fresh take has been spotted which targets Irish Apple users.
According to security vendor ESET, the user receives a fraudulent notification of a purchase made via an Apple ID, which tells the recipient to “reset your password”. The message gives an order number, appears to be from “@apple-store-co.com” and cheekily offers “tips for protecting the security of your account”.
Naturally the link leads to a fake iTunes site, which harvests passwords so that cyber criminals can then actually log into the victim’s account and abuse it.
ESET said that this scam is clever in that it already acknowledges that people are becoming increasingly suspicious of online fraud and incorporates this into its own scamming strategy. It recommended that users treat every such “confirmation email” with scepticism and avoid clicking any links within it, as in most cases they lead to faked websites, which may not only harvest your passwords but also try to infect you with drive-by malware.
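For mail administrators, the two tell-tales described above (a brand-bearing sender domain that is not the brand's own, and links pointing elsewhere) can be checked mechanically. The sketch below is an added example, not code from ESET or from the original article; it assumes apple.com is the only domain treated as genuine, and the sample message, order number and link host are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: apple.com (and its subdomains) is the only genuine brand domain.
BRAND = "apple"
TRUSTED = ("apple.com",)

# Constructed sample modelled on the description above; link host is a placeholder.
SAMPLE = """\
From: Apple Store <no-reply@apple-store-co.com>
To: user@example.ie
Subject: Your recent purchase - order W000000000
Content-Type: text/plain

A purchase was made with your Apple ID. If this was not you,
reset your password: http://itunes-login.example.net/reset
Tips for protecting the security of your account are below.
"""

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return (reason, value) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not is_trusted(domain):
        if BRAND in domain:
            # e.g. apple-store-co.com, or apple.com.something.example
            findings.append(("lookalike-sender-domain", domain))
        elif BRAND in display.lower():
            findings.append(("brand-display-name-mismatch", domain))
    # Text of all non-multipart parts (transfer encodings are not decoded here).
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if not is_trusted(host):
            findings.append(("untrusted-link-host", host))
    return findings

if __name__ == "__main__":
    for reason, value in check_message(SAMPLE):
        print(reason, value)
```

The From header is trivially forged, so a clean result here is not proof of legitimacy; the check complements SPF, DKIM and DMARC evaluation rather than replacing it.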