“Welcome to iCloud Mail” Phishing Emails Trick Apple Users
The fraudulent “Welcome to iCloud Mail” emails target naive users into divulging their Apple account ID and banking details.
Scammers use phishing and other types of social engineering to try to trick users into sharing personal information. Apple users have been hit with yet another wave of such phishing scam. The fraudulent “Welcome to iCloud Mail” emails target naive users into divulging their Apple account ID and banking details.
The feigned email, that looks deceptively official, states that Apple has been unable to confirm account information and that the account has been suspended. This is accompanied by a link to a supposed login page. This is much similar to the attack almost 6 months back, when users received mails that claimed their account was blocked.
The site prompts the user to login with their Apple ID and password. However, the process continues further, asking for additional details like credit card details and home address. Once the user provides all details, the fraudulent site redirects to the legitimate company site.
Once an attacker is equipped with all the details it is possible for them to:
- Extract more details with full access to the target’s account.
- Perform transactions from the target’s Apple account. The financial information supplied is enough to buy products and services or make fraudulent purchases.
- Possibly attempt to steal identity.
The repercussions are dire indeed. The target’s account can be used to further the scamming process by sending scam messages. Personal data backed up on cloud, like photos, are open for access.
Therefore, it is necessary to be on your guard and look out for any such scams. Apple encourages its users to identify and report any instance of phishing mails or suspicious messages.
Some handy tips include checking the URL of a site or the sender address of a email that demands user information. Most often, the URL or mail ID looks fishy and does not match with the company.
Hence, to avoid falling victim to such nuances, refrain from sharing account information over emails, messages or attached links. Apple urges users to turn on two-factor authentication for the Apple ID. This ensures that simply having the ID and password isn’t enough to access your account.
It is clear that such attacks are nowhere near their ebbing point. It is important, therefore, to advocate user awareness to protect sensitive data from malicious attacks.