A widespread and sneaky phishing campaign is doing the rounds, pretending to be a purchase confirmation from the Apple App Store. These emails contain a PDF attachment that pretends to be a receipt for an app purchased by your account and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.
The campaign starts when a victim receives an email that pretends to be a receipt for a recent purchase from the Apple App Store. The email contains a PDF attachment that states it’s a receipt for the purchase, but nothing in the email tells you to open the attachment. Instead, the attackers are relying on the victim saying “What the… ? I didn’t purchase an app” and opening the PDF to see what’s going on.
When a user opens the PDF they will be shown what appears to be a receipt from Apple for an app that they purchased. Sprinkled throughout the PDF are links that the recipient can use to report a problem or to report that the purchase was unauthorized. All of these links are shortened URLs, so the recipient cannot see the URL of the page they will ultimately land on.
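One way a mail gateway or analyst could check an attachment for this pattern, shown as an added example that is not part of the original article. It pulls link targets out of uncompressed PDF link annotations and flags those pointing at URL shorteners; the shortener host list and the sample PDF bytes are assumptions constructed for illustration, since the article does not name the service used.

```python
import re
from urllib.parse import urlsplit

# Assumed list of common URL-shortener hosts (not taken from the article).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# Matches the literal-string form of a PDF link action: /URI (target).
# Escaped characters such as \( and \) inside the string are allowed.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")

def extract_uris(pdf_bytes):
    """Return link targets found in uncompressed /URI actions, in file order."""
    uris = []
    for match in URI_LITERAL.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", match.group(1))  # undo \( \) \\ escapes
        uris.append(raw.decode("latin-1"))
    return uris

def flag_shortened_links(pdf_bytes):
    """Return (url, host) pairs for links whose host is a known shortener."""
    flagged = []
    for uri in extract_uris(pdf_bytes):
        host = (urlsplit(uri).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            flagged.append((uri, host))
    return flagged

# Constructed sample: three link annotations as they appear in a PDF body.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 700 200 720]\n"
    b"   /A << /S /URI /URI (https://bit.ly/CONSTRUCTED-1) >> >>\nendobj\n"
    b"6 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 650 200 670]\n"
    b"   /A << /S /URI /URI (https://www.apple.com/legal/\\(terms\\)) >> >>\nendobj\n"
    b"7 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 600 200 620]\n"
    b"   /A << /S /URI /URI (HTTP://TinyURL.com/CONSTRUCTED-2) >> >>\nendobj\n"
)

if __name__ == "__main__":
    for url, host in flag_shortened_links(SAMPLE_PDF):
        print(f"shortened link in attachment: {url} (host {host})")
```

Links stored inside compressed object streams will not be seen by this byte-level scan; those need a full PDF parser to decompress the objects first.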
Talk to us here at Solutions4IT for more information on Cyber Security and user training.
Photo: William Iven unsplash