A new email phishing campaign is targeting businesses and consumers who have Apple IDs, trying to get them to enter their Apple login credentials, personal and credit card information into a site that mimics that of the popular tech company, the Comodo Antispam Labs team warns.
The fake email looks threatens with “limitations” on the victims’ Apple account if they don’t provide the needed information:
The email is sent from from firstname.lastname@example.org, and the link included in it currently leads to a fake login page located at https://srv80.prodns.com.br/~good/my-account/en/.
Victims are first instructed to sign into their Apple accounts by entering their login credentials, then to enter their personal info (name, birth date, address) and, finally, their payment card info (holder name, card number, expiration date, Card Verification Value number) (click on the screenshot to enlarge it):
Also, notice how they also ask them to enter their banking sort code, their Verified By Visa and MasterCard 3-D Secure PIN, and Social Security Number – although, ostensibly, that information is not “required”.
The fake page at that particular address has already been removed, but chances are good the phishers have many more already set up, and are sending out emails pointing to those other sites, so users are advised to be careful.