Phishing Scams Exploit Apple Account Notifications
Severity: High (Score: 64.5)
Sources: BleepingComputer, Scworld
Summary
Threat actors are abusing Apple account change notifications to distribute phishing emails that falsely claim an $899 iPhone purchase was made via PayPal. These emails appear legitimate as they are sent from Apple's own servers, increasing their credibility and likelihood of bypassing spam filters. The scam involves creating an Apple ID, embedding phishing text within the first and last name fields, and modifying shipping information to trigger the notification. Victims are misled into believing their accounts have been compromised and are prompted to call a scammer's number for cancellation, where they may be coerced into providing sensitive information or installing malware. This tactic highlights the evolving nature of phishing attacks that leverage legitimate infrastructure. Users are advised to be cautious with unexpected account alerts and verify claims through official channels.
Key Points:
- Phishing emails exploit legitimate Apple notifications to appear credible.
- Attackers create Apple IDs to embed scam messages in account alerts.
- Victims are tricked into calling scammers, risking financial and data theft.
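Because these messages pass sender authentication, a mail filter has to look at the attacker-controlled name field instead. The following detection sketch is an added example, not code from the cited sources; the `Authentication-Results` header, the "Dear <name>," greeting template, the trusted-domain list, the thresholds and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumptions (not from the article): the gateway stamps Authentication-Results,
# and the notification greets the user with "Dear <first> <last>,".
TRUSTED = ("apple.com", "icloud.com")
GREETING = re.compile(r"^(?:Dear|Hello|Hi)\s+(.+?),\s*$", re.I | re.M)
CHECKS = {
    "phone number in name field": re.compile(
        r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}"),
    "currency amount in name field": re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?"),
    "purchase or callback wording in name field": re.compile(
        r"\b(paypal|purchase|order|refund|cancel|call)\b", re.I),
}


def authenticated_as_trusted(msg):
    """True if DKIM passed for a trusted domain or one of its subdomains."""
    results = str(msg.get("Authentication-Results", "")).lower()
    m = re.search(r"dkim=pass[^;]*header\.d=([\w.-]+)", results)
    domain = m.group(1) if m else ""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)


def inspect_notification(raw):
    """Check the greeting's name field of a notification for lure content."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    m = GREETING.search(text)
    name = m.group(1) if m else ""
    findings = [label for label, rx in CHECKS.items() if rx.search(name)]
    if len(name) > 40:
        findings.append("name field unusually long")
    # Passing authentication does not clear the message: the sender is real,
    # but the name field is attacker-controlled text.
    return {"trusted_sender": authenticated_as_trusted(msg),
            "findings": findings, "quarantine": len(findings) >= 2}


def sample(name):
    """Constructed message for testing; headers and template are illustrative."""
    return ("Authentication-Results: mx.example.net; dkim=pass header.d=apple.com\n"
            "Subject: Your account information was updated\n"
            "Content-Type: text/plain; charset=utf-8\n\n"
            f"Dear {name},\n\nYour shipping information was changed.\n")
```

The check flags a message for quarantine when two or more indicators appear in the name field, regardless of whether the sender authenticated.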
Key Entities
- Phishing (attack_type)
- icloud.com (domain)
- T1566 - Phishing (mitre_attack)
- Apple ID (platform)
- Apple Mail (platform)
- iCloud (platform)
- iCloud Calendar (platform)