Users with Apple accounts are facing legitimate-looking phishing emails after their account credentials, personal and financial information.
“Your online access has been blocked,” according to the fake email equipped with the Apple logo and color scheme, said researchers at security firm Hoax-Slayer.
“As part of our ongoing commitment to provide the ‘Best Possible’ service and protection to all our customers, we are requiring each Customer to Update their account (s) using the new SSL servers to avoid suspension of you online access. Please Update your online account (s) by clicking bellow account update,” the message said.
The link then takes the victims to a fake Apple login page, where can enter their Apple ID and password. After “signing in,” they are urged to enter their full name, address, phone number, birth data, mother’s maiden name, name on payments card, card number, expiration date, and security number.
Once the victim enters all this information, he or she ends up redirected to the legitimate Apple website.
The entered information ends up in the hands of cyber crooks, who will use it to perform identity theft, card fraud, and to hijack the victims’ Apple Account in order to misuse it for spamming and other nefarious activities, Hoax-Slayer researchers said in a blog post.