March 12, 2019

Good day, welcome to another bulletin from Breaking Scams…

Scam, just in…

This week’s scam is an oldie but goldie. Scams trick you into doing something which starts a series of unfortunate events. The Apple invoice scam is no different.

Apple is a well-known brand that is about as big as brands get. The company has sold over 1.3 billion iPhones since the launch of the phone in 2007. If you have an iPhone, then you will likely have an Apple iTunes account and an iCloud account. You may, like many of us, use iTunes to buy films and music. So, it won’t be too unusual for you to receive a notice of a purchase from Apple, a brand you trust enough to buy products from.

The routine nature of an Apple email, coupled with your trust in the brand, is what the scammers are relying on in the Apple invoice scam.

apple invoice scam

What is in the Apple invoice email?

The Apple scam email, in its current form, is pretty basic. If you have had any security awareness training at all, you will be able to spot the tell-tale signs of this scam:

  1. The ‘from’ email address is clearly not an official Apple address. However, a cc address is showing deviced@mail-apple.com. Often phishing emails will attempt to disguise the from or cc email addresses to look like they are from the original brand. For example, support@apple.com would instead be something like support@appl1e.com or in this case @mail-apple.com
  2. The email itself has no content. Nothing, not even a hello. Apple or any other brand would never send out an empty message.

That being said, there are more and more variations of this scam being released – some, more convincing than others.

The attachment

The attachment in the email, entitled, “Reciept_Confirmations Order” is pretending to be a possible order you may have recently made using iTunes or the Apple store itself.

PDF attachments are a particular favourite of cybercriminals wishing to infect a machine with malware. The Adobe Reader used to support the opening and reading of a PDF, often has security vulnerabilities. The latest such vulnerability was found on the 18th January 2019. This vulnerability comes under the classification of “Execute Code Overflow”. This type of vulnerability is also known as a “buffer overflow” one of the best-known exploits allowing a malware infection to take root.

Emails containing attachments should always be carefully checked before attempting to open the attachment. If at all in doubt, do not open it.  Attachment types used to carry malicious software can be anything you can imagine. They include PDF, Microsoft Office files, HTML, zip files and others. Symantec looked at the top types of malicious attachments used in scams during 2018. Interestingly, .doc and .dot were the most popular at 37% of all scam emails with attachments. PDF was actually the least popular attachment type used in scams. Perhaps that will change in 2019. One thing is sure, cybercriminals modify their game to keep ahead. If PDF files are more vulnerable to exploits than Microsoft Office files in 2019, then PDF’s will be the weapon of choice

This scam message was pretty obvious, but they are not always this easy to spot. Always be on your guard when you receive an email from a well-known brand that contains an attachment.

Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

The Apple invoice scam

 Look out for a suspicious email which looks like it is from Apple.com

The email contains an attachment (this time a PDF attachment but infected attachment types can vary).

The email is a scam and the attachment will infect your machine with malware. DO NOT open the attachment in the email.

If you receive an email like this and are concerned, you can report it to Action Fraud, The National Fraud and Cyber Crime Reporting Centre.

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Let the Defence Works help your business avoid cyber security breaches – sign up for a free security awareness training demo, today.

Share this: