A widespread and sneaky phishing campaign is doing the rounds that pretends to be a purchase confirmation from the Apple App store. These emails contain a PDF attachment that pretends to be a receipt for an app that was purchased by your account and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.
The campaign works by a victim receiving an email that pretends to be a receipt for a recent purchase from the Apple App Store. The email contains a PDF attachment that states it's a receipt for the purchase, but there is nothing telling you to open the attachment. Instead the attackers are relying on the victim saying "What the... ? I didn't purchase an app" and opening the PDF to see what's going on.
When a user opens the PDF they will be shown what appears to be a receipt from Apple for an app that they purchased. Sprinkled throughout the PDF are links that the recipient can use to report a problem or that the purchase was unauthorized. All of these links are for a shortened URLs so a recipient does not know the URL of the page that it ultimately goes.
- If URLs look strange don't open them
- Do not open links from strange emails and instead go directly to a company's web site
- Stop and Think, if you are unsure give us a call.
Talk to us here at Solutions4IT for more information on Cyber Security and user training.
Photo: William Iven unsplash