Fake dispatch confirmation emails for a bogus order of an iPhone from Apple’s App Store are hitting inboxes, warns Hoax-Slayer.
This is just the latest variant of the usual “Confirm your Apple ID account” targeting Apple users, but the email does seem, at first glance, like something Apple might send out:
As the address to which the fake order is supposedly going to be dispatched is not that of the email’s recipient, it’s likely that some of them will click on the prominent “If you did not make this order, click here to cancel” link because they believe their Apple account has been hijacked.
The link will take them to a spoofed Apple ID login page, and then to a bogus “Cancel Order” form that asks for their payment card details and personal information.
Needless to say, the info is collected by the scammers behind this scheme, and will be used to hijack the victims’ account and perform fraudulent financial transactions.
Apple provides good advice on how to identify legitimate emails from the iTunes Store and phishing emails impersonating the company, so there’s no reason why users should fall for this scam.
Unfortunately, the right combination of curiosity, context, and emotions will often mess with users’ evaluation skills and good judgement.