ESET Ireland warns of iTunes phishing scam

28 Jan 2014

Image via Maxx-Studio/Shutterstock

ESET Ireland has discovered a phishing email being sent to Irish iTunes users. The email may deceive recipients into thinking it is official, while its link takes them to a fake iTunes Connect log-in site built to harvest their information.

Urban Schrott, IT security and cybercrime analyst with ESET Ireland, warns that the confidence iTunes users have in the Apple platform can work against them when it comes to social engineering, particularly phishing scams, wherein cyber-criminals build websites to look as much like official iTunes content as possible in order to collect users’ account details.

Using visual cues from Apple, the email that has been picked up by the IT security company gives the illusion of being from an official source. A link within the email redirects users to a website that several anti-virus vendors have associated with malware distribution. However, on first appearances, the site looks legitimate and requests that the user log in.


Example of the phishing email discovered by ESET Ireland. Image via Urban Schrott

As this site is built to harvest user data rather than verify it, users could enter any old thing and still be granted access – a quick test for users to try out on suspicious-looking sites.


The website users are directed to via the iTunes phishing email. Image via Urban Schrott

Once the ‘log in’ is complete, users are asked to confirm personal details, including their credit card number and security code – information Apple would never ask for via email.


The phishing webpage requesting users’ credit card information. Image via Urban Schrott

Anyone who believes they have been caught out by this scam is advised to change their log-in information immediately. If credit-card information has been handed over, Schrott advises consumers to cancel the card in question and take steps to limit the potential damage that could result from exposing credit-card details.


Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.