There’s no virus in the iTunes database – it’s a phish!

A new phishing campaign aimed at Apple users has been spotted by security researcher Bryan Campbell.

It takes the form of a fake email supposedly sent by Apple Service, claiming that a “virus” has been detected in the company’s iTunes database, and that users need to “re-validate” their details to keep their iTunes account secure.

“This is the second time out admin is sending you this message and failure to re-validate your iTunes account upon receiving this message, will lead to permanent closing of your account within the next 72 hours,” the message effectively threatens. “Please follow the secure link below to clean and re-validate your iTunes Account.”

The link leads to a spoofed Apple ID login page, and once the login credentials are entered, the victim is redirected to a fake “Update Billing” page:

iTunes database phish

Users whose suspicions weren’t triggered by any of the obvious signs of trickery – the email starting with “Dear Apple Customer” instead with their names, poor spelling, the fake login page’s random domain name that has nothing to do with Apple, etc. – will enter and submit their name, date of birth, address, as well as payment card details and login credentials.

This information is effectively everything the phishers need known to complete fraudulent transactions in the victims’ name and with their money.

The fake pages have already been taken down, but setting them up on again on new locations and changing the link in the phishing email is quick and easy work for the scammers, so Apple users are advised to be on the lookout for similar emails.

“Remember to always be careful about the links you click on, and verifying that a site that is asking for your password is the real deal,” Graham Cluley advises. “A good password manager can help in this regard, refusing to enter a password into a login form if it doesn’t recognise the domain.”

Don't miss