Apple phish: Summary report statement

Posted: August 7, 2017 by Christopher Boyd

If the following message lands in your mailbox, you may wish to throw on your “This is highly suspicious” cap before proceeding further:

The email is titled

RE: [ Summary Report ] Statement login and update account 08/05/2017

Note the old spammer trick of placing “RE:” at the start to make you think there’s some sort of correspondence taking place.

Spoiler: there isn’t.

The message reads as follows:

Apple ID
Account Information Page

We need your help resolving an issue with your account. Thus, we have temporarily lock your account.

We understant it may be frustating not to have full access to your account.

We want to work with you to get your account back to normal as quickly as possible.

How can you help?

It’s usually quite straight forward to take care of these things. Most of time, we just need some more information about your account.

Please complete your account informations by clicking in the link below.

Confirm My Account
We will permanently lock your account if we don’t receive your verification within 24 hours.

Regards,

Apple Support

The URL used is a Goo(dot)gl shortener (now deactivated), which was bouncing users to the final destination below located at

online-appleidsupport-accountimportant(dot)net/Login(dot)php?

Entering an Apple ID and password results in the following (fake) message that the account has been locked:

We’ve noticed significant changes in your account activity. For your protection, we’ve disable [SIC] your account.

Unlock account

The next page asks for a lot of personal information, including: name, address, DOB, phone number, full card information, security question information, and even 3D secure details.

This is not something you want to hand your details over to. This site joins the ranks of phishing pages making use of HTTPs to appear more authentic – here’s the real Apple sign in page:

You’ll notice it mentions the company name. This is called an Extended Validation certificate. The one being used on the phish page claims to be from a service offering free certs to those possessing a web domain.

A good example of why you shouldn’t just believe the site in front of you is legit, purely because there’s HTTPs going on in the background. Emails directing you to pages asking for payment info via embedded links should set off all the warning alarms – and this particular email and website combo should be forever banished to your “ignore forever” folder.

Christopher Boyd

COMMENTS

Barry Charnay

BTW I got a new one. The fake MS guys are keeping a data base of numbers called. I got a call/click (blocked number on cell phone as it turns out, and the program I use doesn’t identify numbers as blocked); I called the number back, he got my cellphone number from Caller I.D. and identified me…incorrectly, but for an understandable reason. He even told me (remember, I called him) that they had found an error in my OS. This strongly suggests they’re networking (which requires either trust or an enforced truce) much more than ever before. Even if the ad is from Crucial…if Crucial has never ever sent you an e-mail before…don’t click on any links; look for information matching the ad on the site…use that…and still avoid the possibly suspicious e-mail. Why? WHAT YOU DON’T USE AND DO DELETE CAN RARELY IF EVER HURT YOU. What you’re ultimately sure of…still can.
Melita Spelbring Hillman

I keep getting emails supposed from Apple confirming a purchase – that I did not make. It comes to my email but nothing ever shows up on my credit card. Obviously wanting me to log in to their fake Apple page to confirm or deny the purchase. I just delete them.
Keith Croes

There are many grammatical and typographic errors, which also should set off the sirens.
Kathy

I have received similar emails alleging to be from Pay Pal. The first one had me fooled until they asked for the login to my bank account!

RELATED ARTICLES

Cybercrime | Malware

Intentional PE Corruption

April 30, 2012 - Malwarebytes Anti-Malware is under constant attack. 24 hours per day, 7 days per week, 365 days per year. If you read my recent blog post about the development of Malwarebytes Chameleon, you know that we at Malwarebytes have big red ‘X’s on our chests; the bad guys are always out to get us. Malwarebytes Anti-Malware...

CONTINUE READING 14 Comments

Cybercrime | Malware

The Cat-and-Mouse Game: The Story of Malwarebytes Chameleon

April 24, 2012 - The fight against malware is a cat-and-mouse game. It is constant and constantly escalating. They make a move, you counter it, they counter your counter, lather, rinse, repeat. What’s more: malware almost always has the advantage. Our software Malwarebytes Anti-Malware earned a reputation for having a high success rate in combating new in-the-wild malware infections:...

CONTINUE READING 7 Comments

Cybercrime | Hacking

Cybercrime at $12.5 Billion: The Great Underreported Threat

May 7, 2012 - From the outside looking in, it may appear that the press regularly reports stories when a company’s website, database or intellectual property has been hacked, stolen or compromised. The more eye-opening fact of the matter is that the scale and scope of the cybercrime problem is much, much larger and the actual incidences of these...

CONTINUE READING 2 Comments

Cybercrime | Hacking

DDOS, Botnets and Worms…Oh My!

May 14, 2012 - The recent attack on the Serious Organized Crime Agency (SOCA), most likely in response to the 36 data selling sites shut down a few weeks ago, lead to the admission by high ranking SOCA officials that the Ministry of Defense networks need to “beef up their security.” In response to this we would like to...

CONTINUE READING 1 Comment

Cybercrime | Exploits

“The Sky is Falling… Are You at Risk from the Flame Malware?”

June 1, 2012 - The last time I checked with Google News this morning there were over 19,100,000 results for “flame malware”. You may have heard many stories this week about this complex trojan. Here are links to three of my current personal favorite articles on “Flame”. Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game – (Fox News)...

CONTINUE READING 3 Comments

ABOUT THE AUTHOR

Christopher Boyd
Lead Malware Intelligence Analyst

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

CATEGORIES

101 Cybercrime Malwarebytes news PUP Security world

SEARCH LABS

TOP POSTS