A new phishing scam has been discovered and it is believed to be directly targeting Apple users with iTunes accounts, according to a report from CBS affiliate WHNT 19 News. While phishing is nothing new, it seems those behind these dubious acts have been coming up with better and more difficult-to-detect ways of trying to obtain sensitive information from their targets.
According to the website of the popular antivirus program, AVG, phishing is "basically any attempt to trick people via email, text messages, or a fake website. The goal can be anything from trying to get people to send money, hand over sensitive information, or even just download malware unwittingly." Phishing attacks can also be hidden in online services and shared files, however, email phishing has become increasingly popular and most attempts rely on the targets making the decision to click corrupted links.
The latest attempt includes sending unsuspecting iTunes users an email that appears to be from Apple. The email goes on to reference a recent "purchase" associated with the target's Apple ID. In order to cancel the "purchase," targets are asked to provide sensitive information, including credit card numbers.
Brooke Smith, an anchor for WVTM 13, also shared a phishing attempt in which the target was asked to log into their Apple accounts in order to prevent the account from being permanently locked.The report mentioned that Apple is currently aware of the numerous scams floating around and is encouraging its customers to forward any suspicious emails to firstname.lastname@example.org. The report went on to say that Apple also suggests that customers keep the following information in mind.
1. Genuine purchase receipts will include your current billing address2. Apple will never ask you to provide personal (such as credit card number or address) information over email3. Only update your account information through the Apple settings
Again, it's worth noting that these attacks aren't exclusive to Apple users. In 2017, a fake Google Docs link began circulating and affected several media companies, a report from Wired explained. In that same year, another major brand was also affected by a phishing scam after Netflix users were alerted that their accounts were up for suspension if they didn't provide personal information to stop it, Wired also reported.
Another tip provided by Aaron Higbee, CTO of the phishing defense firm PhishMe, is to switch things up by making sure you use different passwords for all your accounts.
"Your email address password needs to be different even if you don't vary all your passwords. That alone will prevent a lot of damage," he told Wired.