Fake iTunes Invoices Attempt to Trick Users by Claiming Ridiculous Charges Made to Accounts

January 9, 2017

Phishers are getting better and better. Recently, a very convincing replica of an iTunes invoice has been circulating. It attempts to trick people into clicking a link that is either malicious or requests personal information that can be used to steal identities.

The email message claims that the user has been overcharged for a recent download. In some cases, it is $25 for a song that is typically only $1.99 or $45 for the Netflix app, which is actually free.

Instead of panicking, take a bit of time and think it through. Instead of clicking links or attachments, go directly to your iTunes account using a previously bookmarked link or by typing the URL by hand into the address bar of your browser. There should be a record of your purchases in your account, and you can see from there whether any of them are unauthorized. If so, contact your payment card issuer and Apple to get it resolved. If not, you can be certain that the email message is indeed an attempt to phish for information or to do something malicious.

Avoid clicking any links or attachments that arrive in email messages unexpectedly. This applies even if you recognize the sender. It is not difficult to spoof the name in the “from” line of an email, so don’t get fooled by it. Instead, if you aren’t sure of the authenticity of the email, contact the sender by phone, text, or by creating a completely new email message. In other words, don’t just hit the reply button.

Take some time to ensure that you have anti-malware and anti-virus software installed and updated on your devices. This goes for all products, including Apple products. Despite some beliefs, they are not immune to these things anymore, and in fact one study released by Marble Labs in 2014 showed they are becoming as vulnerable to malware as devices running other operating systems. The FBI has also warned of a significant rise in mobile malware on all types of devices as their use for tasks such as performing banking transactions increases.

Don’t be fooled by phishing. Take some time to read the messages, think about whether it is reasonable for them to be true, and act accordingly. Phishers count on the panic effect, so don’t give in to fear.

© Copyright 2017 Stickley on Security