Symantec Connect: Phishers are constantly developing new strategies in an effort to trick end users. In April 2012, phishers created sites spoofing the Apple brand with fake offers for Apple discount cards. In this phishing attack, customers were targeted by region: namely, the UK and Australia.
The phishing sites mimicked the webpage of Apple and prompted customers for their Apple ID. The phishing page stated the customer’s long-term loyalty toward the brand gave them eligibility for an Apple discount card as a reward. Upon entering an Apple ID and clicking the “Next” button, the customer was redirected to a page that asked for more confidential information:
Here, the phisher explained that with a discount card worth 9 Australian dollars (rewarded to the customer), they could receive credit for 100 Australian dollars at any Australian Apple store or on Apple’s Australian website. To accept the offer, customers were asked to provide their personal and credit card information. Personal information included full name, address, date of birth and driver’s license number. Credit card information included credit card number, expiration date, 3-digit security code and secure code password. After the customer clicked the button titled “Submit and get your 100 AU$ Apple Discount Card”, the phishing page redirected to the legitimate Apple website.
The same phishing site was observed targeting UK customers with a discount card of 100 British pounds:
If users fell victim to the above phishing sites by entering their login credentials, phishers would have successfully stolen their information for financial gain.
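The pattern described above (a page naming the brand, served from a host outside the brand's domain, with a form asking for card data and a government ID) can be checked mechanically. The following Python sketch is an added example, not Symantec's detection logic; the keyword lists, the sample URL and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword groups (constructed), one per kind of data the page asked for.
SENSITIVE = {
    "card_number": ("cardnumber", "ccnum"),
    "security_code": ("cvv", "cvc", "securitycode"),
    "secure_code_password": ("securecode",),
    "expiry": ("expir",),
    "gov_id": ("driver", "licen"),
    "dob": ("dob", "birth"),
}

class FieldCollector(HTMLParser):
    """Collect normalised name/id/placeholder text of every form field."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            a = dict(attrs)
            text = " ".join(a.get(k) or "" for k in ("name", "id", "placeholder"))
            self.fields.append(re.sub(r"[^a-z0-9]", "", text.lower()))

def host_is_brand(url, brand_domains):
    """True only for the brand domain itself or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def assess(page_url, html, brand="apple", brand_domains=("apple.com",)):
    collector = FieldCollector()
    collector.feed(html)
    requested = sorted(cat for cat, kws in SENSITIVE.items()
                       if any(k in f for f in collector.fields for k in kws))
    off_brand = brand in html.lower() and not host_is_brand(page_url, brand_domains)
    # Flag: brand named on a foreign host AND card data plus a government ID requested.
    suspicious = off_brand and {"card_number", "gov_id"} <= set(requested)
    return {"off_brand_host": off_brand, "requested": requested, "suspicious": suspicious}

# Constructed sample page and URL; not taken from the real campaign.
SAMPLE_URL = "http://apple-discount.example/card.html"
SAMPLE_HTML = """<title>Apple Discount Card</title><form method="post">
<input name="full_name"><input name="dob"><input name="drivers_license">
<input name="card_number"><input name="expiry_date"><input name="cvv">
<input name="secure_code_password" type="password"></form>"""

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_HTML))
```

The same form served from a host under apple.com is not flagged, while a look-alike such as apple.com.example is, because the host check matches only the brand domain and its subdomains.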
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Frequently update your security software (such as Norton Internet Security 2012), which protects you from online phishing.