The App Store Phish

If you are an iPhone user, you have probably received an e-mail informing you that you had purchased an app from the App Store. That wouldn't ring any alarm bells if you had indeed made a purchase from the App Store.

But what if you hadn't made any purchases?

The e-mail that you would receive regarding the purchase would look convincingly like it came from Apple. Here's a screenshot of the e-mail.

E-mail from "Apple" app store confirming a purchase was made with your Apple ID.

If you read the e-mail, it gives you a way out if you did not make the purchase or if you believe it was an unauthorised purchase (which is the obvious choice here, because you really did not make the purchase). The sender has conveniently attached a document to the same e-mail to help you cancel the purchase.

If you've made it this far into the e-mail, you should realise that opening documents from untrusted sources is not advisable. In this document, you would be asked to enter your credit card details so that the refund can be processed back to the card. This is when the attacker would extract your details and begin transacting on the card that you have shared, thinking that this was a legitimate e-mail.

This is a phishing attempt that is sent to thousands of e-mail addresses in the hope that some unsuspecting soul will pick it up, panic, and fill in sensitive information to send back to these scammers. We should not take IT security for granted, and we shouldn't be complacent when receiving such e-mails, thinking that "it will never happen to me".

Some Do's that I think will help us in our approach when we receive such mailers:

1) Keep abreast of IT news on various subjects so that we are aware of the trends (whether positive or negative), educating ourselves and equipping ourselves accordingly.

2) Scrutinise and verify the source of the e-mail that you receive, making sure it's legitimate before sending any replies.

3) If the merchant had your credit card details to deduct payment from your card, they very well have that information to refund it in the event of an accidental purchase. They won't be asking you for it again, and especially not through an attached document.
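
One way to automate checks 2 and 3 on a saved message, as an added example that is not part of the original article. The trusted domain, the sample message and the `triage` helper are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption for this example: genuine Apple mail comes from apple.com or a subdomain.
TRUSTED_DOMAIN = "apple.com"

# Constructed sample modelled on the e-mail described above (not a real capture).
SAMPLE = """\
From: "Apple" <receipts@appstore-billing.example>
To: user@example.org
Subject: Your receipt from Apple
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You purchased an app. If you did not authorise this purchase, open the attached form.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="cancel-purchase.pdf"

JVBERi0xLjQK
--b1--
"""

def triage(raw):
    """Return a list of reasons the message deserves suspicion."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    if "apple" in display.lower() and not trusted:
        findings.append(f"display name says Apple but sender domain is {domain}")
    # Only meaningful when this header was added by your own receiving mail server.
    auth = str(msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    names = [p.get_filename() or "unnamed" for p in msg.iter_attachments()]
    if names:
        findings.append(f"receipt carries attachment(s): {', '.join(names)}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```

An empty result is not proof that a message is genuine; it only means none of these three checks fired.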

Stay well, stay safe, stay secure. Security and safety are everyone's responsibility.
