Cybercriminals empty victims’ wallets ahead of new popular smartphone release

Apple has confirmed the long-awaited new iPhone 14 will be announced to public on 7th September during its global Apple Event in September. Kaspersky experts have already found numerous examples of phishing pages, offering to buy 14 iPhone, but actually designed to empty victims’ bank accounts and steal their Apple ID accounts. Overall, from 10 to 25 August, Kaspersky security solutions detected more than 8,700 new iPhone-related phishing sites.

As the iPhone 14 announcement date gets closer, the number of phishing pages has been also increasing. For example, on August 25, Kaspersky experts detected a total of 1,023 iPhone-related phishing pages, which is almost twice the average number of such malicious sites detections per day for the period.

Traditionally, before the appearance of any new iPhone in the market, cybercriminals create fake store pages offering either to pre-order a new smartphone at a discount, or to even buy it before the official announcement. Since official photos of the iPhone 14 have not yet appeared online, attackers use photos of older phone models to attract users’ attention. After the victim enters their bank card data to pay for the purchase, funds will be debited from their card, but the user will not receive the order.

Cybercriminals’ attention to the popularity of iPhones is not limited to the release of new models. Sometimes crooks can get much more, not just by tricking the victim into paying for an order on a fake page, but by gaining access to their Apple ID. Apple ID is an account used to access Apple services such as the App Store, Apple Music, iCloud, iMessage, FaceTime, and more. Mimicking a standard Apple ID login page, attackers trick victims into entering their username and password on the phishing page. They then gain access to all of their victim’s email addresses and sign in passwords, as well as contacts and payment information. Cybercriminals are also able to access the victim’s iCloud, where their personal photos, document scans, and more is stored. These photos may later be used by attackers for identity theft or even blackmail.

To gain access to an Apple ID, attackers can pressure victims by informing them that they could lose their device at any moment due to some threat. For example, Kaspersky experts have found examples of phishing pages that suddenly appear on the screen of the device and warn the victim that “access to this Apple device has been blocked for due to illegal activities”. In order to unlock access to the device, the victim is offered to call a fake Apple support number, where the cybercriminals will actually answer. Such scheme is called vishing (short for voice phishing), the fraudulent practice of convincing individuals to call cybercriminals and reveal personal information and bank details over the phone. Often such follow-up pages can “lock” the computer screen, showing only the threat message, so that the user has no choice but to call the scammers’ number. During the call, cybercriminals will use various social engineering techniques to obtain Apple ID data, personal information, or ask for a phone support fee, getting this way credit card details.

“Cybercriminals often monitor new trends much more actively than ordinary users. They are constantly looking for something trendy that would interest people, and therefore can be used as a bait to trick them into entering credentials or payment data. The presentation of the new iPhone 14 is no exception and every year we see increasing activity of attackers around the annual release of new iPhone models. This why users should always be especially careful and not enter their personal data on suspicious pages, to avoid falling a victim of cybercriminals,” comments Olga Svistunova, security expert at Kaspersky.

To avoid falling victim to scams, Kaspersky recommends users:

  • Check the authenticity of the website before entering personal data, and only use official, trusted web pages to watch or download movies. Double-check URL formats and company name spellings
  • It’s better not to follow links from e-mails at all. Instead you can open a new tab or window and enter the URL of your bank or other destination manually.
  • Avoid logging into online banking and similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a secure network. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and thereby redirect you to a fake page.
  • Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites