
Apple account notifications abused for iPhone purchase phishing scams


As reported by Bleeping Computer, threat actors are exploiting a legitimate Apple account notification system to distribute sophisticated phishing scams, embedding fake iPhone purchase alerts within seemingly authentic emails sent from Apple's own servers. This tactic increases the credibility of the scam and improves its chances of bypassing spam filters.

The phishing campaign involves creating an Apple ID and strategically placing scam text within the first and last name fields. When the attacker modifies the account's shipping information, Apple sends a notification email that the attacker then distributes to victims. This legitimate alert inadvertently includes the embedded phishing message, which falsely claims an $899 iPhone purchase was made via PayPal and provides a phone number to cancel the transaction. Victims are then prompted to call the number, where scammers attempt to gain remote access or steal financial information by claiming the account is compromised. This method is similar to previous campaigns that abused iCloud Calendar invites.

The ability to bypass standard security measures by abusing legitimate infrastructure poses a significant challenge for both users and platform providers. Users should exercise extreme caution with unexpected account alerts, especially those urging immediate action or containing suspicious contact information, and verify any claims through official channels rather than provided links or numbers.
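As an added example (not from the article or from Bleeping Computer), here is a mail-triage heuristic for the pattern described above, where sender authentication passes and the lure sits in the account-name field. The sample message, its header values, the greeting layout, the signal keywords and the three-signal threshold are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: an authenticated notification whose greeting carries
# attacker text. Domains and the phone number are placeholders.
SAMPLE = """\
From: Account Service <noreply@vendor.example>
Authentication-Results: mx.rcpt.example; spf=pass; dkim=pass; dmarc=pass
Subject: Your shipping information was updated

Dear Your iPhone purchase of $899 via PayPal is done. To cancel call +1 (800) 555-0199,

The shipping information for your account was changed.
"""

PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")
ACTION = re.compile(r"\b(call|cancel|dispute|refund|contact)\b", re.I)
PAYMENT = re.compile(r"\b(paypal|purchase|order|charge|invoice)\b", re.I)
GREETING = re.compile(r"^\s*(?:dear|hello|hi)\b(.*)$", re.I | re.M)

def auth_passed(msg):
    """True when the receiving MTA recorded a DMARC pass for the message."""
    results = " ".join(msg.get_all("Authentication-Results", []))
    return bool(re.search(r"\bdmarc=pass\b", results, re.I))

def callback_lure_signals(text):
    """Names of the callback-phishing signals found in the text."""
    checks = {"phone": PHONE, "amount": AMOUNT, "action": ACTION, "payment": PAYMENT}
    return sorted(name for name, rx in checks.items() if rx.search(text))

def triage(raw):
    """Score a single-part text message on content, ignoring sender reputation."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    greeting = GREETING.search(body)
    name_field = greeting.group(1) if greeting else ""
    signals = callback_lure_signals(body)
    return {
        "authenticated": auth_passed(msg),
        "signals": signals,
        # A personal name should never contain a phone number or a price.
        "name_field_abuse": bool(PHONE.search(name_field) or AMOUNT.search(name_field)),
        # Decided on content alone: a DMARC pass does not lower the score.
        "quarantine": len(signals) >= 3,
    }
```

The verdict deliberately ignores the authentication result, since in this campaign the message really does come from the provider's servers.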

Source: Bleeping Computer
