The annual Apple event introducing the latest iPhones attracts not only avid fans but also scammers. Some fans who are eager to get first dibs to the newest iPhone models can fall to the baits criminals use.
During the first nine months of 2020, Kaspersky has seen that scammers are consistently interested in Apple users and their accounts. For instance, every month, the company’s researchers have found about 100 suspicious domains around the world mentioning “Apple” as a company. Most of these websites require users to enter their Apple ID and password. The number of such resources increased rapidly in September and, by the end of the month, there were already 1,950 domains.
Having analyzed the names of these resources, Kaspersky’s experts now know that some of them are offering to find lost phones, while others offer help in restoring access to users’ accounts. There are also phishing sites that mimic Apple’s support services. It is most likely that these resources were created with the aim of stealing users’ accounts. However, they did not work properly and were only a “stub” piece of software. Scammers like to use these pages as a precaution so when one resource is blocked, they can activate another.
Kaspersky uncovers espionage campaign using rare malware known as firmware bootkit
Targeted ransomware groups spotted in Southeast Asia – Kaspersky expert
Kaspersky’s security expert Tatyana Sidorina is calling on Apple users to be more careful.
“This resurgence of scammers’ interest in Apple services shows that they would happily benefit from anything that attracts users’ attention,” Sidorina said. “The launch of the new iPhone might be a perfect opportunity for scammers to spread malicious features.”
In order to avoid falling victim to a scam, Kaspersky also advises users:
- To be skeptical about any news or extremely generous offers and promotions
- To verify that messages are coming from reliable sources
- Not to follow links from suspicious emails or messages in instant messengers and social networks
- To check the authenticity of websites they visit
- To install a security solution with up-to-date databases that include knowledge of the latest phishing and spam resources