Apple users should be on the lookout.
The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25th. And scammers are taking advantage of the confusion as to what this means for end users. In this case, the phish bait is the claim that Apple is proactively preparing to better protect your data.
This phishing scam threatens Apple users with account suspension.
The attackers’ goal is for users to fall for this sophisticated tactic which redirects users to an “account rescue site”. This website of course is used to extract credentials and other personal financial information. The phishing website although fake, is a legitimate-looking Apple site. According to KnowBe4, it presents itself as a place where users can rescue their account from being “restricted.”
Not only does the website look legitimate, but it is more sophisticated than other phishing sites because the attackers correctly set the web directory permissions. They also encrypted the malicious site using Advanced Encryption Standard (AES). This method allows the bypass of some anti-phishing tools embedded in antivirus solutions. Victims are asked to “update payment details.” Once the victim enters the requested information, the victims will see their accounts “returned to normal.” To complete the task, victims are asked to click a button labeled “unlock.” This last step sends the information they’ve just entered directly to the scammers.
As mentioned before, the malicious site looks legitimate. But it is not an Apple site at all, Apple users beware. If you have already experienced this phishing attempt and entered your credentials we recommend cancelling the credit card used and logging into your apple account to change your password immediately.