Intel Security Mobile Research has recently found an active phishing campaign targeting iOS users via SMS messages through which scammer tells victims that their Apple accounts have been temporarily locked just to trick them into accessing a phishing site and steal the credentials.
New SMS-phishing Campaign Aimed At Stealing Apple Credentials
Intel Security Mobile Research Specialists team recorded two phishing campaigns aimed at stealing iOS-device user credentials. During the campaigns, attackers distributed SMS-messages containing links to specially crafted phishing or hacked legitimate site.
The message allegedly sent by the administration of App Store, in which the user informed that his/her account is temporarily locked and to restore the access you must have to enter credentials before a certain date, otherwise the account will be locked for forever.
The notification also contained a reference, presumably leading to the appropriate page on the Apple site. However, when you click on the link the user is taken to a fake page with a form to enter the real credentials.
Here is the message which the scammers use to trick victims to successfully carry out the scam and steal their credentials.
“Apple
Your account on the verge of closure !
Your APPLE Account has been temporarily Locked
We have recently determined that more computers are connected to your
account and multiple password failures were present before access.
Now you need to re-confirm your account information to us..
If this is not done within 48 hours, we will be forced to suspend your account
To confirm your Apple ID safely, click on the link below:
Click here to unlock your Apple ID
www.apple.com
Failing to do so until the 28/07/2016 will be considered a denial of our terms
and conditions and your account will be permanently closed.
Failing to do so until the 2810712016 will be considered a denial of our terms
and conditions and your account will be permanently closed.
If you receive this email in the SPAM folder, click on “Not Spam” button to fix it.
Copyright 2016 Apple Inc. All rights reserved.”
In late June this year, it became known on the SMS-phishing campaign against Android users. As part of the scam, attackers intercepted the credentials to access the online banking.
According to the experts, the highest number of victims of phishing campaigns were reported in the United States and the count is about 7,464 users. Owners of iOS-devices in Mexico are also affected, Germany and other countries as well. As noted by the researchers, this is the first campaign of this scale, aimed at users of Apple devices.
