iPhone 14 scam targets victims’ wallets

As Apple prepares to unveil the long-awaited new iPhone 14 tomorrow, 7 September, during a global event, Kaspersky experts have found numerous examples of phishing pages, offering to buy the 14 iPhone. In fact, they are actually designed to empty victims’ bank accounts and steal their Apple ID accounts. From 10 to 25 August, Kaspersky security solutions detected more than 8,700 new iPhone-related phishing sites.

As the iPhone 14 announcement date got closer, the number of phishing pages was also increasing. For example, on August 25, Kaspersky experts detected a total of 1,023 iPhone-related phishing pages, almost twice the average number of such malicious site detections per day for the period.

Traditionally, before the appearance of any new iPhone in the market, cybercriminals create fake store pages offering either to pre-order a new smartphone at a discount or to buy it before the official announcement. Since official photos of the iPhone 14 have not yet appeared online, attackers use photos of older phone models to attract users’ attention. After the victim enters their bank card data to pay for the purchase, funds will be debited from their card, but the user will not receive the order. 

Cybercriminals’ attention to the popularity of iPhones is not limited to the release of new models. Sometimes crooks can get much more, not just by tricking the victim into paying for an order on a fake page, but by gaining access to their Apple ID. Apple ID is an account used to access Apple services such as the App Store, Apple Music, iCloud, iMessage, FaceTime, and more. Mimicking a standard Apple ID login page, attackers trick victims into entering their usernames and password on the phishing page. They then gain access to all of their victim’s email addresses and sign-in passwords, as well as contacts and payment information. Cybercriminals are also able to access the victim’s iCloud, where their personal photos, document scans, and more are stored. These photos may later be used by attackers for identity theft or even blackmail.

To gain access to an Apple ID, attackers can pressure victims by informing them that they could lose their device at any moment due to some threat. For example, Kaspersky experts have found examples of phishing pages that suddenly appear on the screen of the device and warn the victim that “access to this Apple device has been blocked due to illegal activities”. In order to unlock access to the device, the victim is offered to call a fake Apple support number, which the cybercriminals will actually answer. Such a scheme is called vishing (short for voice phishing), the fraudulent practice of convincing individuals to call cybercriminals and reveal personal information and bank details over the phone. Often such follow-up pages can “lock” the computer screen, showing only the threat message so that the user has no choice but to call the scammers’ number. During the call, cybercriminals will use various social engineering techniques to obtain Apple ID data, and personal information, or ask for a phone support fee, to get this way credit card details.

“Cybercriminals often monitor new trends much more actively than ordinary users,” says Olga Svistunova, a security expert at Kaspersky. “They are constantly looking for something trendy that would interest people, and therefore can be used as bait to trick them into entering credentials or payment data. The presentation of the new iPhone 14 is no exception and every year we see the increasing activity of attackers around the annual release of new iPhone models. This is why users should always be especially careful and not enter their personal data on suspicious pages, to avoid falling victim to cybercriminals.”

To avoid falling victim to scams, Kaspersky recommends users:

·         Check the authenticity of the website before entering personal data, and only use official, trusted web pages. Double-check URL formats and company name spellings.

·         It’s better not to follow links from e-mails at all. Instead, you can open a new tab or window and enter the URL of your bank or other destination manually.

·         Avoid logging into online banking and similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a secure network. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and thereby redirect you to a fake page.

·         Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites