Apple invoice for an App Store purchase that was not made? Beware of fraud!

In addition to PayPal (see here) Apple is once again one of the names that are misused for data theft. Is current, according to the Police of Lower Saxony, a fake Apple invoice floating around via email for an alleged app store purchase. It is a new version of a phishing method that was used by fraudsters in October last year. The perfidious thing about it: via the email and the invoice downloaded via it, you get to a website on which you not only enter your credit card details, but also disclose other personal data.

The fake Apple Mail can look something like this. As an attachment or link, you will receive a PDF (the "invoice"), which leads to the fraudulent website, where personal data, credit card information and ID can be uploaded.

The fake Apple Mail can look something like this. As an attachment or link, you will receive a PDF (the "invoice"), which leads to the fraudulent website, where personal data, credit card information and ID can be uploaded.

Phishing attempt: Fraud with a false Apple bill

The apparent Apple invoice reaches the user via email and suggests that purchases were made via the App Store - either apps or in-app purchases. "[...] The perpetrators are probably also hoping for Apple newbies who only got a new iPhone for Christmas and could have accidentally made purchases inexperienced [...] “, it is said by the Lower Saxony police. It also shows that the link in the mail refers to the dubious URL “appstorezahlungs.com”, which is clearly not an official Apple domain. 

This is what the phishing website, a replica of the Apple ID page, could look like on the iPhone.

This is what the phishing website, a replica of the Apple ID page, could look like on the iPhone.

In the browser either the aforementioned or "secure-appstore.paymentsupport.com" is displayed, as can be seen on an iPhone screenshot of the source. The latter is also not an official Apple domain. Nevertheless, all data on the Apple ID, the user and the means of payment are queried on the fake page with an imitation Apple look. Extensive identity theft is possible with it. And last but not least, you should also “upload your identity”, that is, upload a selfie with your ID and scans of your ID. If you've received an email like the one described above and in the source, hopefully you haven't revealed anything of the kind.

In addition to your name, address, credit card and the like, you will also be asked for your ID and a selfie. This is used in this case of

Phishing no identification process, but identity theft. "width =" 1024 ″ height = "951 ″ /> In addition to your name, address, credit card and the like, your ID and a selfie are also requested. In this case, phishing does not serve as an identity Method, but rather identity theft.

Fell for a fake Apple bill! What should I do?

If you fell for the scam as a new Apple user or because you were not careful enough, you should take a few important steps as soon as possible. Here is a summary of what you should do if you see yourself as a victim of the phishing scam described:

  • On the (real) Apple ID website log in and change the access data there
  • Set up 2-factor authentication for even more security of the account
  • Disconnect all devices networked with the Apple ID, if necessary, lock / delete remotely, and only reconnect with the new access data (Apple ID support)
  • Immediately block the credit card or any other payment method specified (call the bank or call 116116)
  • Report it to the local police station and, if possible, present the mail; also - if this happens - also state that you have uploaded your identity card (because by uploading identity documents the fraudsters can carry out various actions online on your behalf)

You can find more information on the website of the Lower Saxony Police, which is linked at the beginning (this is also the source of the screenshots shown here); You can get help from Apple Support, your bank and the local police station. If you have received an e-mail as described above, do not open the PDF attached, do not download a PDF "invoice" and do not click any links in the e-mail. If you should do all of this, at least don't reveal any personal information!

Boss or Fraud: This is how the “boss trick” works!

-
Do you like my blog? Then I would be happy to receive a short review on Google. Easy leave something here for a moment - that would be great, thank you!

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * .