Revealed the existence of phishing scams to steal Apple ID information with fake Spotify mail

by Ana Bernardo

Business Insider reports the existence of a new phishing scam that steals a user's Apple ID by sending a spoofed email saying "I registered with Premium service " which is a paid plan of Spotify.

Fake Spotify email is a phishing scam to get your Apple ID credentials - Business Insider
https://www.businessinsider.com/fake-spotify-email-phishing-scam-apple-id-2018-10

PSA: Watch out for this new Apple ID phishing scam - 9to 5Mac
https://9to5mac.com/2018/10/20/apple-id-phishing-attempt-spotify/

A phishing scam aimed at a new Apple user reported by Business Insider is to send a fake email saying "I subscribed Spotify's Premium service for one year" to the user. In the mail is written "URL for canceling subscription" for those who accidentally registered as a paid service of Spotify. When you access this URL, the login page of Apple ID is displayed, and when you log in here, Apple ID information is stolen to the hacker side.

The following screenshot is a page that is skipped when clicking URL on fake mail. Appearance seems to be completely Apple's page, but when you look at the URL you can see the list of alphabets and you can see that it is a page for phishing scams.

The first reporting phishing scam to steal this Apple ID information was Reddit , an overseas bulletin board. When an attacker steals the Apple ID information, it will be able to access the user's personal information, the photos saved on iCloud, and the location information of the Apple terminal. Also, if you have Apple ID information, you can purchase an app before you know it, or purchase a device at the Apple Store.

by OOI JIET

Phishing scams using fake Spotify Mail seem to be based on the change of Spotify's subscription method. We have been able to subscribe to Premium service which is a paid service of Spotify up to now through Apple ID, but since August 6, 2018 that option has been closed and Spotify will use its own payment system Paid users are requesting. By sending fake e-mails to Spotify users at such timing, it seems that the attacker aims to make it mistaken that "payment with Apple ID is still being done".

The following is actually fake mail sent to the user. There are grammatical errors in the text on the fake mail. Also, if you actually subscribe to Spotify's paid service via Apple ID, the payment of fee and e-mail regarding registration confirmation will be sent via Apple, so checking the sender also confirms whether the mail is genuine or fake You can judge.

Email addresses are not displayed in the screenshots taken by Reddit users who reported phishing scams, but they may be similar to Spotify or Apple official email addresses. However, since many mail addresses used for phishing scams contain random letters and numbers in many cases, it is possible to determine that it is a fake mail by firmly confirming the mail address There is a possibility.

Phishing scams targeted at Apple ID are very common, and Apple has a support page that provides hints to avoid such fraud damage and seven common symptoms of phishing scams .

Avoid fraud such as phishing mail, fake warning of virus infection, fake support phone, etc. - Apple support

· The sender's e-mail address or telephone number does not match the name of an authorized company.
· We came in contact with a different e-mail address or phone number than the e-mail address or telephone number registered in the regular company.
- The greeting part of the message, such as "everyone", is a general expression. Many of the legitimate companies will write the customer's name in the message addressed to the customer individually.
· At first glance it seems to be legitimate link, but jump to the website of the address which is different from the address of the regular company's website.
· The appearance of the message is quite different from other messages received from the legitimate company.
· Personal information such as credit card or account password is requested.
· A file is attached to an empty e-mail.