An online scam that is trying to con Apple users seems to be creating quite a buzz. It has come to light that several emails claiming to be from the 'Apple Security Department' is being sent to users.
The email asks the recipients to confirm their Apple account and validate the user information. But in reality, the email is not sent by Apple but is a scam to steal the account login details and financial information of Apple users.
The email, purporting to be from the Apple Security Department, urges users to open an attached file to confirm their accounts, if they did not initiate the download.Hoax-Slayer, a website dedicated to spotting such scams and hoaxes, was the first one to report the matter.
"The email is not from Apple. It is a phishing scam designed to trick users into giving their Apple account login details and financial information to criminals. The attached file contains a bogus HTML form that requests account and credit card details," Hoax Slayer warned.
Here is the how the scam email sent to Apple users looks like:
Dear Apple Customer,
Your Apple ID, was just used to download OS X Mavericks from the Mac AppStore on a computer or device that had not previously been associated withthat Apple ID.
This download was initiated from Spain.
If you initiated this download, you can disregard this email. It was onlysent to alert you in case you did not initiate the download yourself. If you did not initiate this download, you have to confirm your account and validate your information, so we recommend you to :
1- Download the attached document and open it in a secure browser.
2- Follow the verification process to protect your account.
Your sincerely.
Apple Security Department.
Apple Support
The phishing email very cleverly tries to feed on the fear of the users. It warns recipients that their account was used to download a copy of OS X Mavericks from a computer or device, not previously associated with their Apple ID. It then suggests that the download was initiated from Spain.
The mail then goes on tell the recipients that if they did not initiate the download, they should open an attached file to confirm their account and validate the information.
However, users should not even open the attached files. The attachment contains a 'malicious' HTML form that loads into the users' browser when opened.
In short, the mail tries to extract the Apple ID and credit card information from the users. The users should always be wary of such phishing campaigns. These con mails try to dupe people, using the name of big companies such as Apple. However, in any such instance, it is always advisable to verify the information by either contacting the company itself or through online forums.
If a person get holds of one's Apple ID, he or she can access the user's purchase history, and would also be able to get hold of all sensitive personal information, such as credit card details. As a precaution, when an Apple ID is lost or stolen, one should contact the Apple company information center and have the account shut down immediately.