09:10 AM
Connect Directly

Online Scammers Take Advantage Of iPhone 6, iWatch Hype

Phishing message claims to provide links to leaked iPhone 6 information and pictures.

Opportunistic cybercrooks are taking advantage of Apple enthusiasts' interest in the company's hottest new gadgets with a phishing campaign that promises the inside scoop on the iPhone 6 and the iWatch, security experts warned yesterday.

As the release date nears for these highly anticipated devices, criminals will increasingly use the lure of "leaked" information as an effective hook to land victims for various online scams, they say.

"We ask users to be careful of these 'announcement' emails, as they are fertile ground for phishing and other threats," writes Trend Micro's Jonathan Leopando in a blog post on the threat.

Trend's researchers discovered the emails over the weekend, explaining that the recent messages targeted journalists and other sources. The design featured the Spartan aesthetic frequently found in Apple missives, along with messages about how "the wait is over" for devices that allow users to do more than ever. Alongside that, there are supposedly leaked product photos and links to malicious sites to take advantage of curious readers.

Users who don’t keep track of Apple rumors or the iPhone release schedule might be caught out by this email, as it uses language that wouldn’t be out of place in a real Apple announcement. However, two things are worth noting: a July release would not fit the recent Apple release calendar--both the iPhone 5 and 5S were released in September, and the design in the email does not match recent mockups released by Apple rumor sites.

According to data compiled by Trend Micro last fall, around the time of the last release of Apple smartphones, cyber criminals tend to make hay with the hype over new Apple products. Whereas the number of Apple phishing sites identified early last year by Trend researchers numbered only in the hundreds, they started spiking into the thousands in May and continued that way through the announcement date in September.

If these latest phishing messages coincide with last year's trending numbers, email recipients should be wary. In particular, Apple users themselves should be careful. Just last week, US-CERT encouraged users and administrators to pay attention to security updates in Mac OSX, Safari, iOS devices, and Apple TV that addressed "multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination." It wouldn't be outside the realm of possibility to expect future scams to take advantage of these vulnerabilities.

"Ignore, delete and block these emails," says Christopher Budd, Trend Micro's global threat communication manager. "Do not give these emails a second thought because they are clearly lures to try to lead recipients down a path that may be harmful. This email scam is a common tactic used by cybercriminals. They latch themselves onto popular events or product releases, such as new hardware or video games, and draw unsuspecting into giving away vital security information."

According to the recent quarterly Anti-Phishing Workgroup (APWG) report, the first quarter of 2014 saw yet another increase in phishing attacks. Not only did the number of phishing sites creep up by 10.7 percent over the fourth quarter of 2013, but the number of brands targeted increased from 525 to 557 over the same time period.

"The number and diversity of phishing targets continued to increase," says Greg Aaron, senior research fellow for APWG and president of Illumintel.  "Almost any enterprise that takes in personal data via the web is a potential target."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/8/2014 | 11:14:48 AM
Spike in iPhone phishing sites
If the number of past Apple phishing sites are a key predictor, I would suspect that this year's wave will reach into the tens of thousands! Yikes. 

Whereas the number of Apple phishing sites identified early last year by Trend researchers numbered only in the hundreds, they started spiking into the thousands in May and continued that way through the announcement date in September.
Register for Dark Reading Newsletters
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.