Secure hardware and secure software offer no protection when the “human” vulnerability is targeted: fraudsters are using a fake invoice to gain access to iTunes and credit card details.

FotoMagico 5 was purchased using your own Apple account? A fake email suggests this purchase:

image

Cleverly done: for the most part the email does not give the impression that this could be a faulty purchase or a purchase made by a third party. Only in passing does it note that something may not have been right with this purchase:

You [sic] order is under review because our system detect that you use a new unknown device
If you are not who process this transaction you can cancel it
at http://buy.itunesconnect.com/WebObjects/…./accountSummary.

 

The link displayed is NOT the actual link; the source text of the email contains a different link.
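The gap between the displayed link and the real one can be checked mechanically. The following Python sketch is an added example, not part of the original article: it parses an HTML email body and reports every link whose visible text names a different host than its href. The sample HTML is constructed and assumes that the hidden href is the fake host named further down this page; all function and class names are chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample. The first link shows the address quoted from the email and
# ASSUMES its hidden href is the fake host this page names; the rest are benign.
SAMPLE_HTML = """
<p>If you are not who process this transaction you can cancel it at
<a href="http://itunesconnect.id-manage.config.easyway.cdin.easyset02016.com/">
http://buy.itunesconnect.com/WebObjects/…./accountSummary</a></p>
<p><a href="https://www.apple.com/legal/">https://www.apple.com/legal/</a></p>
<p><a href="https://support.apple.com/">Get help</a></p>
"""

def host_of(text):
    """Lower-cased hostname if text looks like a URL, else None."""
    text = text.strip()
    if text.lower().startswith("www."):
        text = "http://" + text
    if text.lower().startswith(("http://", "https://")):
        return urlsplit(text).hostname
    return None

def related(a, b):
    """Heuristic: hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append(("".join(self.text), self.href))
            self.href = None

def mismatched_links(html):
    """Return (shown_host, real_host) where the visible URL names another host."""
    collector = LinkCollector()
    collector.feed(html)
    pairs = [(host_of(t), host_of(h)) for t, h in collector.links]
    return [(s, r) for s, r in pairs if s and r and not related(s, r)]
```

Links with plain wording such as “Get help” are skipped because their text makes no claim about a destination; only text that itself looks like a URL is compared with the real target.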




Phish

This email is a phishing scam: it is sent out at random in the hope that, on the one hand, it will reach Apple users and, on the other hand, that they will be unsettled by its content and attempt the supposed cancellation using the embedded link.

However, this cancellation leads to a fake page at the address “itunesconnect.id-manage.config.easyway.cdin.easyset02016.com”. There you will find a replica of the Apple login:

image

The goal at this point is of course to give visitors the feeling that they are at Apple's iTunes login, so that they feel safe. The aim is to steal the user's data: in the first step the access data, in the second step the credit card data.

image

Caution! Anything entered here ends up in the fraudsters' databases!

General phishing warning:

  • Phishing emails generally try to appear as if they come from the relevant company. Fraudsters use them to try to obtain personal data, preferably bank, credit card or other payment data.
  • Protection software is helpful! With updated databases and appropriate heuristics, malicious sites are often blocked. We use Kaspersky protection software.
  • The real “art” of these emails is the story that is meant to get the recipient to trust the email and open the embedded link. Expression, grammar and spelling, as well as plausibility and individuality, play a very important role here. Especially in the recent past, there have been an increasing number of emails that stood out for their individuality: they addressed the recipient by the correct name and also included actual address and personal data.
  • As a general rule, however: banks, payment and purchase portals never ask you to log in to your account using an embedded link! In addition, although a generic salutation is always an indication of phishing, a correct personal salutation is not proof of the authenticity of an email.
  • Tip for your smartphone: press and hold a link until a dialog window opens with the link preview. This shows where an embedded link actually leads.
  • Never log in via a link that is sent by email. Always type the address of the relevant page by hand into the address bar of your browser and log in there. If the service really has announcements for you, they will be displayed there. In addition, if possible, you should refrain from carrying out banking transactions via public/third-party WiFi networks, as you never know exactly whether (and, in the worst case, by whom) these networks are being logged.
  • Never enter real data in the form fields! Under certain circumstances, the data can be captured even while typing, without you having to confirm with “continue”.

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.