9 Dec, 2016

Your Apple ID Was Recently Used On A New Device (SPAM-Phishing)

Learn how to spot and avoid a SPAM email that pretends to be from Apple and tries to steal your Apple ID credentials.
A widespread SPAM campaign is sending emails that pretend to be a legitimate notice from Apple about your user account being used on a new device. Because people instinctively click links embedded in an email without analyzing the content, SPAM campaigns are usually very effective when disguised under a well-known brand.
SPAM Investigation
Let's take a look and spot the flaws of the email:
The image above shows the actual content of the email sent to the customer. The email contains only two links. If the person who receives this email is anxious about what is happening, they will quickly click the link and fall directly into the attacker's hands.

The image below shows that the links are the same.
A reputable company like Apple won't use shortened links of this type to hide intent. You should expect the domain "apple.com" in all the links, or better, don't click the link at all: head straight to the main Apple site and fix your account there.

The flow of the link when clicked:

Compromised Link: hxxps://t.co/EIrKsEkoWI

Landing Page: hxxp://www.applied.secure-authorize.org/protect/account
As of now, the compromised link still redirects to the landing page, but the site is already down and seems to have been alive for just a week. But usually, this type of SPAM only leads to the theft of your Apple ID credentials. Once attackers have them, they could purchase any item from the Apple store with the credit card information attached to your Apple ID. They could also change any information they want on your account.
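The link check described above can be automated by a mail filter or an analyst. The following is an added example, not part of the original post: it extracts every link from an email body and flags shorteners and any host that is not under the brand's domain. The sample email markup, the link text, the shortener list and the function names are constructed for illustration; the two defanged URLs are the ones reported above and are only parsed, never fetched.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "apple.com"  # brand the email claims to come from
# Assumed, partial list of URL shorteners; extend it for real use.
SHORTENERS = {"t.co", "bit.ly", "goo.gl", "tinyurl.com", "ow.ly"}

# Constructed sample: both links carry the same shortened URL, as in the email.
SAMPLE_EMAIL = """<p>Your Apple ID was recently used on a new device.</p>
<a href="hxxps://t.co/EIrKsEkoWI">Verify now</a>
<a href="hxxps://t.co/EIrKsEkoWI">My Apple ID</a>"""

def refang(url):
    """Make a defanged indicator (hxxp, [.]) parseable; nothing is fetched."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")

def classify(url):
    """Return 'shortener', 'expected' or 'foreign' for a link's host."""
    host = (urlsplit(refang(url)).hostname or "").lower().rstrip(".")
    if host in SHORTENERS:
        return "shortener"  # real destination is hidden from the reader
    # Match the domain itself or a true subdomain, not a look-alike prefix
    # such as apple.com.example.org or a suffix such as notapple.com.
    if host == EXPECTED_DOMAIN or host.endswith("." + EXPECTED_DOMAIN):
        return "expected"
    return "foreign"

class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def audit_email(html):
    """Return (url, verdict) for each link found in the email body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(url, classify(url)) for url in parser.links]

if __name__ == "__main__":
    for url, verdict in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}")
    print(classify("hxxp://www.applied.secure-authorize.org/protect/account"))
```

Any verdict other than "expected" on a message that claims to come from Apple is a reason to treat the email as phishing.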

We at Quttera Support are vigilant when it comes to this type of attack, as it is very effective against non-technical people. Have you encountered an email similar to the one just discussed? Please let us know through the comments section below.