Apple Store gift card scam bypasses phishing for all-out malware exploits

Aug 9, 2013
4

We see a lot of scams and phishing attempts all the time, but a new one that was discovered by security research firm Webroot reveals a malware-infested email campaign that tricks users into thinking that they have received a $200 Apple Store gift card, when in reality, it's an attempt to install malware on Windows computers.

What's most interesting about this scam, is that it doesn't use phishing like similar tricks, where scammers have you log into a fake website in order to claim your "prize." This one actually bypasses that altogether and installs malware directly on your computer to obtain personal information and such.

When the user clicks on the link in the email, a malicious Java-based exploit installs itself onto your computer. The Apple Store gift card email also includes a malicious attachment that provides users the opportunity to view that rather than clicking on the link. Both contain the malware, however.

This is certainly a unique scam, and one of the first ones we've seen in awhile that involves an Apple Store gift card. Of course, this isn't the first time Apple has been involved in a scam or hacking attempt. Plenty of hacks have been implemented to try and gain access to Apple ID accounts, and a security hole was recently found in the Apple ID system shortly after its two-factor authentication went live.

Plus, a trojan was discovered to be roaming around and gaining access to OS X machines late last year, for which Apple has applied numerous Java-based patches to fix the exploit. It's certainly gotten rid of the validity of the argument that "Apple products don't get viruses."

VIA: MacRumors


Must Read Bits & Bytes