Apple has confirmed the long-awaited new iPhone 14 will be announced to the public on Wednesday September 7, during its global Apple Event. But ahead of the launch some fraudsters have already released schemes targeted at scamming users.
Cybersecurity experts at Kaspersky have already found numerous examples of phishing pages, offering to buy the 14 iPhone, but actually designed to empty victims’ bank accounts and steal their Apple ID accounts.
Overall, from 10 to 25 August, Kaspersky security solutions detected more than 8,700 new iPhone-related phishing sites.
For example, on August 25, Kaspersky experts detected a total of 1,023 iPhone-related phishing pages, which is almost twice the average number of such malicious site detections per day for the period.
The number of detected Apple- and iPhone-related phishing pages from 10th August 2022 to 25th August 2022
Traditionally, before the appearance of any new iPhone in the market, cybercriminals create fake store pages offering either to pre-order a new smartphone at a discount or to even buy it before the official announcement.
Since official photos of the iPhone 14 have not yet appeared online, attackers use photos of older phone models to attract users’ attention. After the victim enters their bank card data to pay for the purchase, funds will be debited from their card, but the user will not receive the order.
Phishing page in Vietnamese, where attackers offer users to pre-order the iPhone 14 Pro Max with a discount
Cybercriminals’ attention to the popularity of iPhones is not limited to the release of new models. Sometimes crooks can get much more, not just by tricking the victim into paying for an order on a fake page, but by gaining access to their Apple ID. Apple ID is an account used to access Apple services such as the App Store, Apple Music, iCloud, iMessage, FaceTime, and more.
Mimicking a standard Apple ID login page, attackers trick victims into entering their usernames and password on the phishing page. They then gain access to all of their victim’s email addresses and sign-in passwords, as well as contacts and payment information. Cybercriminals are also able to access the victim’s iCloud, where their personal photos, document scans, and more are stored.
These photos may later be used by attackers for identity theft or even blackmail.
Users are asked to log in with their Apple ID on the phishing page
To gain access to an Apple ID, attackers can pressure victims by informing them that they could lose their device at any moment due to some threat. For example, Kaspersky experts have found examples of phishing pages that suddenly appear on the screen of the device and warn the victim that “access to this Apple device has been blocked due to illegal activities”.
In order to unlock access to the device, the victim is offered to call a fake Apple support number, which the cybercriminals will actually answer. Such a scheme is called vishing (short for voice phishing), the fraudulent practice of convincing individuals to call cybercriminals and reveal personal information and bank details over the phone.
Often such follow-up pages can “lock” the computer screen, showing only the threat message so that the user has no choice but to call the scammers’ number. During the call, cybercriminals will use various social engineering techniques to obtain Apple ID data, and personal information, or ask for a phone support fee, to get this way credit card details.
The follow-up page with a warning to encourage victims to call cybercriminals
“Cybercriminals often monitor new trends much more actively than ordinary users. They are constantly looking for something trendy that would interest people, and therefore can be used as bait to trick them into entering credentials or payment data,” comments Olga Svistunova, a security expert at Kaspersky.
“The presentation of the new iPhone 14 is no exception and every year we see the increasing activity of attackers around the annual release of new iPhone models. This is why users should always be especially careful and not enter their personal data on suspicious pages, to avoid falling victim to cybercriminals.”