In addition to PayPal, Apple is once again one of the names being misused for data theft. According to the Lower Saxony police, a fake Apple invoice for an alleged App Store purchase is currently circulating by email. It is a new version of a phishing method that fraudsters already used in October last year. The perfidious thing about it: the email and the invoice downloaded through it lead to a website where you are asked to enter not only your credit card details but also other personal data.
Phishing attempt: Fraud with a fake Apple invoice
The apparent Apple invoice reaches the user by email and suggests that purchases were made via the App Store, either apps or in-app purchases. "[...] The perpetrators are probably also hoping for Apple newbies who only got a new iPhone for Christmas and, being inexperienced, could have accidentally made purchases [...]", says the Lower Saxony police. The police report also shows that the link in the mail points to the dubious URL "appstorezahlungs.com", which is clearly not an official Apple domain.
The browser then displays either that domain or "secure-appstore.paymentsupport.com", as can be seen in an iPhone screenshot from the source. The latter is not an official Apple domain either. Nevertheless, the fake page, styled to look like Apple, asks for all data on the Apple ID, the user and the means of payment. This makes extensive identity theft possible. Last but not least, you are also asked to "upload your identity", that is, to upload a selfie with your ID and scans of your ID. If you've received an email like the one described above and in the source, hopefully you haven't revealed anything of the kind.
Fell for the fake Apple invoice? What should I do?
If you fell for the scam as a new Apple user or because you were not careful enough, you should take a few important steps as soon as possible. Here is a summary of what you should do if you see yourself as a victim of the phishing scam described:
- Log in on the (real) Apple ID website and change your access data there
- Set up 2-factor authentication for even more security of the account
- Disconnect all devices linked to the Apple ID, lock or erase them remotely if necessary, and only reconnect them with the new access data (Apple ID support)
- Immediately block the credit card or any other payment method specified (call the bank or call 116116)
- Report it to the local police station and, if possible, present the mail; if it applies, also state that you have uploaded your identity card (because with uploaded identity documents the fraudsters can carry out various actions online on your behalf)
You can find more information on the website of the Lower Saxony Police, which is linked at the beginning (this is also the source of the screenshots shown here); you can get help from Apple Support, your bank and the local police station. If you have received an e-mail as described above, do not open the attached PDF, do not download a PDF "invoice" and do not click any links in the e-mail. If you have already done any of this, at least don't reveal any personal information!
Jens has been running the blog since 2012. He acts as Sir Apfelot for his readers and helps them with technical problems. In his spare time he rides electric unicycles, takes photos (preferably with the iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions to current bugs.