Scammers Use Fake Receipts to Steal Personal Information From Online Shoppers
A widespread phishing campaign is underway, looking to grab personal information from online shoppers, reported Bleepingcomputer.com. Emails with PDF attachments pretend to be a purchase confirmation from the Apple App store and direct consumers to click a link if the transaction was unauthorized. All the links are for shortened URLs so a recipient doesn’t know the URL they are sent to, it said. The landing page asks the victims to log in with their Apple ID, which looks like the legitimate Apple account management portal, it said. If victims don’t type in information, they are told their Apple account has been locked. The phishing page redirects consumers to a legitimate appleid.apple.com account management page in a way that triggers the Apple website to post a “timed out for your security” message, corroborating the phishing page’s story, it said. If users enter the information requested, attackers will have enough for a “complete identity theft,” it said, including opening bank or credit card accounts, accessing other accounts with the information, or filing tax returns under the victim's name. New York magazine said fake receipts are also being sent out for Amazon accounts. Amazon and Apple didn't respond to questions Friday.