Apple has confirmed the long-awaited new iPhone 14 will be available to the public on the 7thorder of September during the September Apple Worldwide Event.
Cybersecurity experts at Kaspersky have found many examples of phishing pages, offering to buy an iPhone 14, but are actually designed to empty the victim’s bank account and steal their Apple ID account. surname.
Overall, between August 10 and 25, Kaspersky security solutions detected more than 8,700 new iPhone-related phishing sites.
As the iPhone 14 announcement date approaches, the number of phishing sites is also increasing.
For example, on August 25, Kaspersky experts detected a total of 1,023 iPhone-related phishing pages, nearly double the average malicious site detections per day during this period.
The number of phishing pages related to Apple and iPhone detected from 10order August 2022 to 25order August 2022
Traditionally, before any new iPhone hits the market, cybercriminals create fake store pages offering Pre-order a new smartphone discount or even buy it before official announcement.
Since official photos of the iPhone 14 have not yet appeared online, the attackers used photos of older phone models to gain users’ attention. After the victim enters their bank card data to pay for the purchase, money will be debited from their card, but the user will not receive the order.
Phishing page in Vietnamese, where attackers invite users to pre-order iPhone 14 Pro Max at a discounted price
Cybercriminals’ attention to the iPhone’s popularity is not limited to the release of new models. Sometimes scammers can earn more, not only by tricking victims into paying for an order on a fake site, but also by gain access to their Apple ID. Apple ID is the account used to access Apple services like App Store, Apple Music, iCloud, iMessage, FaceTime, etc.
Mimicking the standard Apple ID login page, the attackers trick victims into entering their username and password on the phishing page. They then have access to all of the victim’s email addresses and login passwords, as well as contacts and payment information. Cybercriminals can also access the victim’s iCloud, which stores personal photos, document scans, etc.
These photos can then be used by attackers for identity theft or even blackmail.
Users are asked to sign in with their Apple ID on the scam site
To gain access to the Apple ID, the attacker can pressure the victim by notifying them that they can lose the device at any time due to some threat. For example, Kaspersky experts have found examples of phishing pages that suddenly appear on the device’s screen and warn victims that “Access to this Apple device has been blocked due to illegal activities”.
To unlock access to the device, the victim is suggested to call a fake Apple support number, which the cybercriminal will actually answer. Such a plan is called desire (short for voice phishing), the fraudulent practice of persuading individuals to call cybercriminals and reveal personal information and banking details over the phone.
Often, such tracking sites can “lock” the computer screen, displaying only a threatening message leaving the user with no choice but to call the scammer’s number. During the call, cybercriminals will use various social engineering techniques to obtain Apple ID data and personal information or request a phone support fee to obtain credit card details in a this.
Tracker page with warning encouraging victims to call cybercriminals
“Cybercriminals often follow new trends much more actively than the average user. Olga Svistunova, Kaspersky security expert, comments: “They are constantly looking for something trendy that might interest people and can therefore be used as bait to trick them into entering their login credentials. or payment data.
“The introduction of the new iPhone 14 is no exception and every year we see increased attacker activity around the release of new iPhone models every year. This is why users must always be especially careful and not enter their personal data into suspicious sites, to avoid becoming a victim of cybercrime.”