Apple ‘Subscription Confirmation’ Phishing Scam

Uploaded on 2019-02-20 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In a wave of fake email messages to users Apple apparently claims that your due payment has been scheduled. It includes an attached PDF that supposedly contains information about the payment.

Opening the attachment reveals what appears to be a subscription confirmation receipt from Apple.  The receipt supposedly confirms that you have purchased a subscription for a popular music app and Apple will charge you an ongoing monthly fee.

The receipt explains that if you didn’t order the subscription or you think an unauthorised person has accessed your account, you should click a “cancel” link.

However, Apple did not send the email. Instead, it is a phishing scam designed to trick you into handing over your personal information to online criminals.

Clicking the link opens a fraudulent website that has been built to emulate the official Apple site. The fake webpage first asks you to log in with your Apple ID. Next, it asks you to complete a ‘Cancel Subscription” form. The form requests your name and contact details, your credit card numbers, and other identifying information.

After you submit the form, the site redirects you to the real Apple website. Meanwhile, the criminals can collect the information you supplied and use it to hijack your Apple account, conduct fraudulent transactions with your credit card, and, possibly, steal your identity as well.

Phishing scams like this one are very common. If you receive one, do not click any links or open any attachments that it contains. The Apple website includes information about identifying and reporting these phishing emails.

Hoax Slayer: 

You Might Also Read: 

Going Postal: ‘We Have Sent You a Message’:

« New Zealand Business Has Increased Cybersecurity Spending, Not Expertise
Trump Wants US Government To Prioritise AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.