Phishing and Malware Emails Posing as Apple and the iPhone 5 Launch

[MacRumors]

We've received a number of warnings from readers over the last couple of weeks about fraudulent emails that look a lot like official Apple emails. These emails are structured just like Apple's promotional emails, but are actually attempts to lure unsuspecting customers into entering their Apple IDs and other personal information. Such so called "phishing" attempts are common and readers should be wary about following links from any emails.

What caught our eye is that the latest round of these fraudulent emails are actually leveraging the hype around the next generation iPhone. The latest email (pictured above) passes itself off as an Apple launch email for the iPhone 5. (Full size). It cobbles together various photos from the internet and entices users to click on "Learn More". The learn more link, however, links to a Windows executable which we presume to be malware (virus, trojan, keylogger, etc...), so readers are warned to avoid clicking on any links from these emails.





Reports of compromised App Store and Apple ID accounts have generated a lot of press in the past due to the scale of the iTunes Stores. It was believed that account details were stolen using these sort of techniques rather than any sort of vulnerability in iTunes itself.

Another example:

Article Link: Phishing and Malware Emails Posing as Apple and the iPhone 5 Launch

 

[daneoni]

Glad i decided to remove CC details from my Apple account (and Amazon's) when the PSN story broke.

 

[Hastings101]

Yuck, what an ugly phone on the left.

 

[1083296]

people falling for these obviously fake fraudulent apps/emails is creating a bad reputation for mac users...

 

[atticus18244fsa]

Transparent mode? Ya, ok...

 

[inket]

Whoever falls for that *OBVIOUS* fake email kinda deserves it.

 

[arn]

people falling for these obviously fake fraudulent apps/emails is creating a bad reputation for mac users...

Whoever falls for that *OBVIOUS* fake email kinda deserves it.

They're not all obviously fake. Others look identical to Apple emails. The links just are sent to non apple domains.

arn

 

[Voidness]

"MMS support from AT&T coming in late summer"

When will AT&T get their act together!?

 

[ECUpirate44]

How awful does that big 5 look on the back of the phone lol. I'd know it was fake just because of that.

 

[Boghog]

Whoever falls for that *OBVIOUS* fake email kinda deserves it.

Made me grin how obvious and silly this email is. One might even call it a parody of a phishing mail - if it didn't link to real malware but rather to a webpage ridiculing the victim.

EDIT: looking at it more closely I suspect that it must be a prank. "iPhone just turned black" is hilarious. And the GS after the name iPhone 5. Priceless.

 

[Sammio2]

BAhahahahaha Transparency mode...

For those times when you wish finding your iPhone was that bit harder!

 

[Anaemik]

So, it's transparent AND it has a slide-out keyboard? Cool!

 

[FSMBP]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

Please tell me MacRumors is joking & that this is real. I saw the email and gave them my Apple ID/password & voluntarily sent them the last 4 digits of my soc.

 

[314631]

I just ordered two.

 

[1083296]

Please tell me MacRumors is joking & that this is real. I saw the email and gave them my Apple ID/password & voluntarily sent them the last 4 digits of my soc.

... this is why pc users think they're better than mac users

 

[cgriffis753]

Im Sorry but...

Hate to be a bit harsh, but anybody who actually thought those emails were real has GOT TO BE a friction retard!!!!

 

[bennettave]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

why wouldn't apple sue?

 

[arn]

here's another phishing email

 

[v66jack]

I love the eink style iPhone. Could be awesome for reading on the go. Now you don't hit that lampost.

 

[Bluefusion]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

Please tell me MacRumors is joking & that this is real. I saw the email and gave them my Apple ID/password & voluntarily sent them the last 4 digits of my soc.

...

So what you've gotta do is change your Apple ID's password. Right now.

And then, also, if you're already on the Macrumors forums, why not read the news articles? The iPhone 5 doesn't exist (yet). Would you really have heard absolutely nothing about it? When you're ON the Macrumors website?...

... think a little more next time, k? (I'm trying to be constructive)

 

[celo48]

I don't even know why MacRumors posted this????

 

[technicsdj]

The huge 5 on the back makes me want to add another line just so I can get it. I am so excited about the (TRANSPARENT MODE!!!!!)

 

[FSMBP]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

Please tell me MacRumors is joking & that this is real. I saw the email and gave them my Apple ID/password & voluntarily sent them the last 4 digits of my soc.

...

So what you've gotta do is change your Apple ID's password. Right now.

And then, also, if you're already on the Macrumors forums, why not read the news articles? The iPhone 5 doesn't exist (yet). Would you really have heard absolutely nothing about it? When you're ON the Macrumors website?...

... think a little more next time, k? (I'm trying to be constructive)

Clearly MacRumors can't understand sarcasm today. I figured saying I voluntarily gave them my soc would have made that obvious.

 

[coder12]

... viruses and malware eh?

Oh wait--I'm on a mac

 

[munkery]

Losing valuable data via phishing emails can be avoided.

- Always manually navigate to the logins of encrypted security sensitive websites and never login to these websites from links in emails, email attachments, instant messages, & etc even if the certificate appears to be legitimate. This prevents login credentials from being stolen via advanced phishing techniques that use cross-site scripting.

See the links in my sig for more details.

Glad i decided to remove CC details from my Apple account (and Amazon's) when the PSN story broke.

Unless you fell for the phishing email, your data is not at risk. This does not represent an incident of SQL, PHP, or other types of web app injection that would provide access to the database that stores credit card data.

Removing your data could be a fruitless measure if apple maintains backups of that data for any length of time. But, removing your data won't hurt anything either.