Your Apple ID Was Recently Used On A New Device (SPAM-Phishing)

Background

A widespread SPAM campaign is sending emails that pretend to be a legitimate message from Apple about your user account being used on a new device. Because people instinctively click links embedded in an email without analyzing its content, SPAM campaigns are usually very effective when disguised under a well-known brand.

SPAM investigation

Let's take a close look and spot the flaws in the email:

[Image: 9-12-2016-1-Apple-spam]

The image above shows the actual content of the email sent to the customer. The email contains only two links. If the person who receives this email is anxious about what is happening, they will quickly click a link and fall directly into the attacker's hands.

The images below show that both links are the same.

[Image: 9-12-2016-1stLink-Apple-spam]

[Image: 9-12-2016-2ndLink-Apple-spam]

Now, if you were Apple, you would not use this type of shortened link to hide your intent. You should expect to see the domain "apple.com" in the links. Or simply don't click the link: head straight to the main Apple site and fix your account there.

The flow of the link when clicked:

Compromised Link: hxxps://t.co/EIrKsEkoWI

Landing Page: hxxp://www.applied.secure-authorize.org/protect/account
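The domain check described above can be automated when triaging a reported email. The following is an added example, not part of the original post: it refangs each link, extracts the host, and classifies it against the domain the sender claims to be. The shortener list other than t.co, the "appl" lookalike hint, and the last two sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the original post): the brand
# domain to expect, a small shortener list, and a brand-like label prefix.
EXPECTED_DOMAIN = "apple.com"
SHORTENERS = {"t.co", "bit.ly", "goo.gl", "tinyurl.com"}
BRAND_TOKEN = "appl"  # hypothetical hint for labels imitating the brand


def refang(url: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def classify_link(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify a link found in a mail that claims to come from `expected`."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    if not host:
        return "unparseable"
    # Only the exact domain or a true subdomain of it counts as the brand.
    if host == expected or host.endswith("." + expected):
        return "brand"
    if host in SHORTENERS:
        return "shortener"  # real destination is hidden behind a redirect
    # Brand-like text in a label of a host that is not the brand's domain.
    if any(label.startswith(BRAND_TOKEN) for label in host.split(".")):
        return "lookalike"
    return "foreign"


def review(links):
    """Return (url, verdict) pairs for every link extracted from a mail."""
    return [(u, classify_link(u)) for u in links]


if __name__ == "__main__":
    sample = [
        "hxxps://t.co/EIrKsEkoWI",                                  # from the post
        "hxxp://www.applied.secure-authorize.org/protect/account",  # from the post
        "https://appleid.apple.com/",                               # constructed
        "https://apple.com.example.net/login",                      # constructed
    ]
    for url, verdict in review(sample):
        print(f"{verdict:10} {url}")
```

Anything other than "brand" in a mail that claims to be from Apple is a reason not to click; note that a host merely containing "apple.com" as a prefix is still classified as a lookalike.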

Summary

As of now, the compromised link still redirects to the landing page, but that site is already down and seems to have been alive for just a week. Usually, this type of SPAM only leads to the theft of your Apple ID credentials. Once attackers have them, they could purchase any item from the Apple store with the credit card information attached to your Apple ID. They could also change any information they want on your account.

We at Quttera Support are vigilant when it comes to this type of attack, as they are very effective against non-technical people. Have you encountered a similar type of email to the one just discussed? Please let us know through the comments section below.
