New scam targeting iPhone users


Tuesday, 23 October, 2018

New scam targeting iPhone users

iPhone users are being warned about a new scam that tries to steal Apple log-in details by sending fake Spotify/iTunes emails.

The phishing email claims to be from Apple and Spotify. If a user clicks on the link, the email says the user had bought a year of Spotify Premium for $150.99 and links to a page to “review your subscription”.

A fake Apple landing page — which looks like a real one — then asks for log-in details.

“One of the most common types of phishing is an email that contains a fraudulent link. In this case, users are likely to give away their personal information, because they will be obviously worried they might be charged $150,” said Ruby Gonzalez, Communications Director of NordVPN.

“The supposed website of a trusted brand, such as Apple, creates a fake sense of familiarity, which misleads people into entering their private information.”

According to Apple, if a user receives an email asking them to update their account or payment information, they should only do so directly in their Settings on the Apple device that they are using. Users can update their passwords at appleid.apple.com.

NordVPN also recommends using its CyberSec feature, which is designed to block advertisements, malicious sites and phishing links. While it’s still not available on iOS, CyberSec can be used on Windows, macOS, Linux, as well as on the mobile app for Android.

NordVPN provides these tips for spotting a phishing email:

  • Check the sender’s address. Don’t just trust the display name — pay attention to the email address. If the domain looks suspicious (eg, info@secure.apple.com), don’t open the email.
  • Look for spelling and grammar mistakes. Serious companies don’t usually send out emails with bad grammar and basic spelling mistakes.
  • Take a look at the greeting. Your bank or another legitimate institution would often address you with your full name. If you see a vague “Dear user” instead, remain vigilant.
  • Don’t click on links — instead, hover your mouse on the button to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection.
  • When in doubt, contact your bank or other institution over the phone or alternative email address and ask to confirm if the email is legitimate.
  • In addition, two-factor authentication can be set on iOS devices. That way, a hacker would have to go through another control even if they have stolen a user’s login information.
     

For additional safety, use a VPN. Using a VPN when browsing can protect users against malware and phishing that targets online access points.

Image credit: ©stock.adobe.com/au/Lasha Kilasonia

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Digital trust leaders outperform their peers: research

Companies categorised as leaders in implementing digital trust strategies are reaping the...

IT decision-makers believe AI is key to protect against cyber threats: report

According to reseach, 40% of Australian IT decision-makers believe the use of AI will help them...

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd