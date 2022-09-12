The launch of the iPhone 14 on September 7th excited Apple fans and cybercriminals alike, who take advantage of the novelty to trick more anxious consumers. In 15 days of monitoring (between August 10 and 25), Kaspersky experts identified nearly 9,000 phishing sites with fake offers on the new device. There are two goals: emptying victims’ wallet and stealing their Apple ID credentials.

The tactic is often used whenever there is an event with great popularity: as this type of event approaches, the number of moves exploiting this theme increases. In this example, Kaspersky experts detected a total of 1,023 records of fake webpages misusing the term “iPhone” on August 25th alone – this is twice the average daily detections of fraudulent websites during the assessment period.

Traditionally, scams created before a new phone launch offer a discounted pre-order or even purchase it before the official announcement. After the person enters the card details to make the purchase, the information stays with the criminal (to clone the card) and the purchase will be debited, but the product will not be shipped.

keeping an eye on the data

Cybercriminals’ interest in exploiting the popularity of iPhones is not limited to the fraudulent sale of new models. Some are after something more: getting Apple ID credentials. To carry out the theft, pages are created that mimic the standard Apple ID login page and ask for the account email and password.

With this information, criminals gain access to Apple services (App Store, Apple Music, iCloud, iMessage, FaceTime, etc.) electronic payment contacts and information.

They also review iCloud, where personal photos are saved, for scanned documents. The images can later be used in identity theft scams or even blackmail.

This same technique was used before the launch of the PlayStation 5 and the Black Widow and Spider-Man 3 movies, as criminals are always looking for themes that will attract the most potential victims, says Kaspersky. They rely on the person’s desire to hide the blow. If the person is inattentive, he will fall for the scam and only a protection that blocks access to the fake website can prevent damage. Therefore, it is very important that people know how to recognize fraud quickly, defends the company.

How to avoid this scam

To avoid falling victim to this type of scam, Kaspersky makes the following recommendations:

Check that the site is legitimate before entering your personal or financial details. To do this, compare the address of the website you are accessing with the official address and see if there are any spelling errors.

In general, be suspicious of all incoming links, especially from social networks. Always make a direct access (by typing the official address of the company). Also don’t trust paid results in online searches. Give preference to organic results, as criminals pay for fake links to appear at the top of searches.

Avoid accessing important accounts, such as bank accounts, connected to public wireless (Wi-Fi) networks. Hotspots are convenient, but it’s better to use a private data connection or a secure network. Open networks can be created by criminals to monitor traffic and copy access data or redirect access to fake websites.

Always use a reliable security solution to block malicious files and fake websites.

