09:10 AM
Connect Directly

Online Scammers Take Advantage Of iPhone 6, iWatch Hype

Phishing message claims to provide links to leaked iPhone 6 information and pictures.

Opportunistic cybercrooks are taking advantage of Apple enthusiasts' interest in the company's hottest new gadgets with a phishing campaign that promises the inside scoop on the iPhone 6 and the iWatch, security experts warned yesterday.

As the release date nears for these highly anticipated devices, criminals will increasingly use the lure of "leaked" information as an effective hook to land victims for various online scams, they say.

"We ask users to be careful of these 'announcement' emails, as they are fertile ground for phishing and other threats," writes Trend Micro's Jonathan Leopando in a blog post on the threat.

Trend's researchers discovered the emails over the weekend, explaining that the recent messages targeted journalists and other sources. The design featured the Spartan aesthetic frequently found in Apple missives, along with messages about how "the wait is over" for devices that allow users to do more than ever. Alongside that, there are supposedly leaked product photos and links to malicious sites to take advantage of curious readers.

Users who don’t keep track of Apple rumors or the iPhone release schedule might be caught out by this email, as it uses language that wouldn’t be out of place in a real Apple announcement. However, two things are worth noting: a July release would not fit the recent Apple release calendar--both the iPhone 5 and 5S were released in September, and the design in the email does not match recent mockups released by Apple rumor sites.

According to data compiled by Trend Micro last fall, around the time of the last release of Apple smartphones, cyber criminals tend to make hay with the hype over new Apple products. Whereas the number of Apple phishing sites identified early last year by Trend researchers numbered only in the hundreds, they started spiking into the thousands in May and continued that way through the announcement date in September.

If these latest phishing messages coincide with last year's trending numbers, email recipients should be wary. In particular, Apple users themselves should be careful. Just last week, US-CERT encouraged users and administrators to pay attention to security updates in Mac OSX, Safari, iOS devices, and Apple TV that addressed "multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination." It wouldn't be outside the realm of possibility to expect future scams to take advantage of these vulnerabilities.

"Ignore, delete and block these emails," says Christopher Budd, Trend Micro's global threat communication manager. "Do not give these emails a second thought because they are clearly lures to try to lead recipients down a path that may be harmful. This email scam is a common tactic used by cybercriminals. They latch themselves onto popular events or product releases, such as new hardware or video games, and draw unsuspecting into giving away vital security information."

According to the recent quarterly Anti-Phishing Workgroup (APWG) report, the first quarter of 2014 saw yet another increase in phishing attacks. Not only did the number of phishing sites creep up by 10.7 percent over the fourth quarter of 2013, but the number of brands targeted increased from 525 to 557 over the same time period.

"The number and diversity of phishing targets continued to increase," says Greg Aaron, senior research fellow for APWG and president of Illumintel.  "Almost any enterprise that takes in personal data via the web is a potential target."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/8/2014 | 11:14:48 AM
Spike in iPhone phishing sites
If the number of past Apple phishing sites are a key predictor, I would suspect that this year's wave will reach into the tens of thousands! Yikes. 

Whereas the number of Apple phishing sites identified early last year by Trend researchers numbered only in the hundreds, they started spiking into the thousands in May and continued that way through the announcement date in September.
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.