Phishing attacks are not new and just a month back, in the United Kingdom, a similar online assault was made by an obviously highly professional group using a devious internet process made unknowing people fill up forms which includes pertinent bank information and through this, the perpetrators were able to get a huge amount from the bank where these people had accounts with. Lately, iTunes is being used by and its millions of subscribers being duped into divulging their bank information as well.
According to PandaLabs, a security analysis company, a very professionally written email containing a bogus online receipt is randomly sent to people. The letter notifying the receiver that they have just recently made a purchase on iTunes and the fake receipt seals the deal for them. A link is provided if the receiver wants to know more details of the said iTunes transaction and the moment that the receiver of the email clicks on the link, the actual phishing process starts.
The user is now redirected to a Russian web page after being asked to download a counterfeit PDF reader and the website where the user just landed on contains Trojan worms and other malwares that do not do anything than steal people’s personal information including bank details. Says the technical director of Pandalabs Luis Corrons: “It never ceases to surprise us that the techniques used to trick victims continue to be so simple. It's often difficult not to fall in the trap. That's why it's absolutely crucial that when you use platforms such as iTunes, and you receive these types of notifications, never go to the website through the e-mail, but rather from the platform itself."
In the same interview, Corrons mentioned that "around 300,000 e-mails pass through their spam filter over the last weekend alone," a relatively low number considering the vast flow of e-mail on the Internet today. But Corrons predicts "the number could be a lot higher in days to come. Whilst Panda do not have a figure on the numbers taken in by the scam, the Antiphishing Working Group has blocked some of the web addresses linked to the fake e-mail in order to protect users, he continued with his interview with FoxNews.
Apple has not made any official statement yet regarding this latest phishing incident but it warns their customers that if they see anything even vaguely similar to the act of phishing to immediately notify them through reportphishing@apple.com.
You must log in to post a comment.