There are many reasons why scammers continue to thrive, one of which is that many mobile and Internet users also continue to believe in their tactics. The attackers’ targets vary from online credentials to bank accounts.
Over the weekend, many Apple ID users were surprised when they received a seemingly legitimate message purported to be coming from the Cupertino-based company, which allegedly told them to confirm their account on a link provided in the text message to prevent it from expiring and avoid getting locked out of your account.
The message appears authentic in all respect. The sender bears the name of AppleInc. The content has a sense of urgency in order to elicit immediate response from the user. Except for the link where the users were asked to confirm their account: it is somewhat different from the main Apple website URL.
It was Graham Cluley who first reported on the incident, observing that the scammers have picked their words cautiously in order to make the message look urgent and prompt users to click on the link with no regard for the consequences.
But this is the strange part: the scammers beefed up even further their fraudulent activity by including the complete names of the victims. It adds to the authenticity of the scam to try to convince the target victims. We are then left with the question: where did the scammers gain access to these names?
You might not be one of those unsuspecting users who would easily fall for this kind of trap. But someone else close to you – a family member, a workmate, a friend – could be the next victim of such a fraud.
Once an unwary user clicks on the link contained in the SMS, the victim will be led to a landing page that pretends to be the true Apple ID login page. Further, the fake login page is intended to collect your date of birth, phone number, address and credit card data.
A quick look at the URL will show that the website is fake, designed only to steal your Apple ID credentials and transmit the stolen data to cyber crooks who then sell the information on the black market, perpetrate online fraud using the data and commit identity theft.
The matter could be exacerbated if you are using the same password for all your cyber accounts, in which case it is not just your Apple ID that’s at risk here.