Apple customers from the United Kingdom and Australia are being targeted with a cleverly designed phishing scheme that tries to dupe them into handing over sensitive information as part of an Apple Discount Card purchase process.
The scam is not new. We’ve seen it at the beginning of April but, at the time, reports only mentioned Australia. Now, according to Symantec, internauts from the UK are also targeted.
So let’s take a look again at how the scam works.
First, the user is presented with a My Apple ID site that tries to replicate the genuine website. Here, the unsuspecting victim is requested to provide his/her Apple ID.
In the next phase of the scam, Apple customers are presented with a form in which they have to fill in their name, address, date of birth, driver’s license, credit card number, card expiration date, and the Verified by MasterCard password.
Apparently, by completing this process, the user receives a discount card that’s worth 100 Australian dollars or 100 British pounds, depending on the victim’s location.
Because this particular plot seems to be enhanced to target more and more individuals from different parts of the world, we will take this opportunity to remind everyone to be careful when providing sensitive information online.
In this case, the site may look much like the original Apple website, but the domain it’s hosted on is certainly one that clearly doesn’t belong to Apple. Always remember that apple.com is not the same thing as apple.maliciousdomain.com.
Also, when making payments, check to ensure that the site you are on utilizes a secure connection represented by the small padlock icon or by the HTTPS string in the browser’s address bar.
Finally, be sure to keep your antivirus solution permanently updated. Security firms do a decent job in flagging malicious sites, saving you the hassle of checking for yourself if the site is genuine or not.