Apple ‘Subscription Confirmation’ Phishing Scam

Uploaded on 2019-02-20 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In a wave of fake email messages to users Apple apparently claims that your due payment has been scheduled. It includes an attached PDF that supposedly contains information about the payment.

Opening the attachment reveals what appears to be a subscription confirmation receipt from Apple.  The receipt supposedly confirms that you have purchased a subscription for a popular music app and Apple will charge you an ongoing monthly fee.

The receipt explains that if you didn’t order the subscription or you think an unauthorised person has accessed your account, you should click a “cancel” link.

However, Apple did not send the email. Instead, it is a phishing scam designed to trick you into handing over your personal information to online criminals.

Clicking the link opens a fraudulent website that has been built to emulate the official Apple site. The fake webpage first asks you to log in with your Apple ID. Next, it asks you to complete a ‘Cancel Subscription” form. The form requests your name and contact details, your credit card numbers, and other identifying information.

After you submit the form, the site redirects you to the real Apple website. Meanwhile, the criminals can collect the information you supplied and use it to hijack your Apple account, conduct fraudulent transactions with your credit card, and, possibly, steal your identity as well.

Phishing scams like this one are very common. If you receive one, do not click any links or open any attachments that it contains. The Apple website includes information about identifying and reporting these phishing emails.

Hoax Slayer: 

You Might Also Read: 

Going Postal: ‘We Have Sent You a Message’:

« New Zealand Business Has Increased Cybersecurity Spending, Not Expertise
Trump Wants US Government To Prioritise AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

BaaSid

BaaSid

BaaSid is next generation security technology for data security & security authentication based on De-centralized & Blockchain.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

iConnect IT Business Solutions DMCC

iConnect IT Business Solutions DMCC

iConnect is a trusted IT Solutions and Technology Services company, proudly serving clients across the Middle East and Africa.

Aeris

Aeris

Aeris IoT Watchtower is the world’s first fully integrated cyber security solution for cellular IoT devices.