Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam. Similar cases were reported in 2015 by users in the UK and Australia, except in those cases the fake receipt contained songs and books, respectively.

Last year, similar emails targeting users in the US were also reported, although they contained several errors that identified them as scams, such as the word “Invoice” instead of “Receipt”, the lack of a valid value for the “Billed to” field, the wrong amount in the total, etc. The latest variation targeting Canadian users, however, does not seem to contain any of those mistakes. In fact, all the chosen movies are recent, which gives the email a more realistic appearance.

Phishing website

At the bottom of the receipt, there’s a link to request a “full refund” in case of an unauthorized transaction. Needless to say, it does not redirect to the legitimate “My Apple ID” website, but to the URL hy654reewe(.)serveftp(.)org/serveritunescanada/index(.)html. Although this site was already offline at the time of this report, it was still possible to access the phishing website by replacing the domain name with the IP address, as shown in Figure 2, below.

Figure 2. Fake Apple website to steal credit card information

To request a “refund,” the victim is directed to fill out an online form. Besides the normal spaces for entering credit card and other personal information, the form also includes fields for entering a “Social insurance number,” which is the number needed in Canada to work or to access government programs and benefits, as well as for a “Mother’s Maiden Name,” which is one of the frequently asked questions used to recover a forgotten password.

Figure 3.

When the user fills out the form and clicks the “Cancel transaction” button, the data is processed in plain text with a PHP script. After the site steals the data, the user is then redirected to the legitimate Apple website. As a side note, the email address associated with this site is Norwegian.