New day, new attack method. Hackers are now reportedly using the official Apple account notifications to deliver phishing and malware attacks. Since they use an official email address, the scam messages bypass security filters and look very legitimate to the users. The trick they’re using is not something new, but it shows how easy it is for hackers to exploit tech giants’ messaging systems.
Attackers are misusing Apple’s email system to run phishing campaigns
The whole scam begins when the victim receives an email from an official email.apple.com domain. Since the email comes from an official domain, it bypasses security systems and does not get flagged as suspicious. The email contains details about a fake iPhone order worth $899 from PayPal. It creates a sense of urgency and forces victims to dial a specific number to cancel the purchase.
Since the email comes from an official address, the victims believe the email is a legitimate order notification and proceed to call the mentioned number to cancel the order. When they call the mentioned contact, the person on the other side tries to lure them into sharing their personal details. The attackers also convince the user to install software that is actually hidden malware. Once installed, the crooks get access to the victim’s screen and get complete control of their PC.
Users are convinced to share their private information
Once the attackers successfully establish the connection, they could log into bank accounts, change passwords, and transfer funds, often emptying an Account before the victim even realizes they have been targeted.
The whole trick of the scam is not something new. However, the way attackers are exploiting Apple’s official email domain is concerning. The email address or the domain is the first and most obvious way to identify a scam message. If the scam messages come from an address as genuine as Apple’s official domain, it becomes almost impossible to tell if the content is scam-related or not. To protect yourself, never call a phone number listed in a suspicious email, even if the sender’s address looks real. The safest move is to ignore the message and log in directly to the official company website.
The post Hackers Are Using Apple Account Notifications for a Phishing Campaign and Malware Attack appeared first on Android Headlines.
​Â
