AppStore Phishing Attack Hits Online Shoppers
The AppStore phishing scam , first detected by researchers at F-Secure, comes in the form of a fake order confirmation from Apple following immediately after a user makes a purchase at the AppStore.
The e-mail response sent to users appears legitimate, reading: "To view the most up-to-date status and make changes to your Apple Online Store order, visit online your Order Status."
F-Secure researchers said that the timing of the e-mail alone was enough to merit some attention, even from spam-savvy users.
"The 'coincidental' timing is enough to warrant at least an attention from the intended recipient,'" said F-Secure researchers in a blog post. "Combined with tricks such as spoofed address and vague links, the recipient might even fall for the trap."
However, once users click on the link, they are sent to a completely unrelated drug store spam site, not affiliated with Apple or the AppStore.
Thus far, the attack appears to lead to a spam site, as opposed to a more malicious fake AppStore login page that attempts to trick the user into submitting credentials or credit card information.
Meanwhile, F-Secure researchers said that the scam indicates that attackers are becoming more targeted while also going after the largely untapped Apple market to distribute malware.
"The next time you see another post on a phishing attack and think 'there's no way I'm going to fall for that,' you might want to reconsider," said F-Secure researchers in a blog post. "As general users become adept at detecting a phishing attempt, the authors are changing their tactics and are taking the time to learn about the target beforehand."
The new phishing scam comes just as AppStore-approved apps hit the half billion mark , and just days after a MacDefender scareware scam began to make its rounds on unsuspecting Mac users.