Movie Fans Targeted in iTunes Scam

March 17, 2017

Movies are a big business, and it’s more popular than ever to grab your popcorn and Milk Duds, sit back on the sofa and stream them from iTunes. A recently discovered scam targets Canadian movie fans by sending a fake Apple invoice for movie rentals, counting on the user to request a refund.

In this case, the invoice purports to list charges for a number of movies that add up to a rather large sum of money. The movies on the invoice are often fairly recent releases, such as Jack Reacher: Never Go Back and Arrival, which makes it a bit more believable to potential victims. Once the initial shock of the amount on the invoice, and of the fact that the charges are not theirs, wears off, the targeted victims’ next reaction is to scan the form for a way to get a refund or dispute the charges.

Conveniently, the phishers put a link at the bottom of the document. It supposedly can be clicked to claim a full refund. However, it doesn’t go to Apple. It goes to a website registered in Norway. The form it leads to asks for a lot of personal information, including date of birth, mother’s maiden name, and a social insurance number. Canadians need this last number to access government services. It is not needed to get a refund from Apple or from almost any other company. These requests should raise big red flags for recipients.

The scam was spotted by researchers at security company Fortinet. The fake invoice arrives in an email message that at first glance appears to come from Apple, but if the sender field is expanded, it shows a strange email address at a Norwegian site. Hovering the mouse over the refund link reveals a destination that looks like a bunch of randomly generated characters, and definitely not like an Apple link.

Remember that by taking a minute to check the link destination before clicking it, you can avoid being a victim of phishing. Hovering over a link with the mouse pointer works for this, as does holding your finger on the link for a few seconds if you’re using a touch screen device. If the link destination doesn’t make sense to you, it’s probably a fake one.
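The two checks described above, a sender display name that claims one brand while the address lives elsewhere and a link whose destination is not that brand’s domain, can be automated on the receiving side. The following is an added example (not code from the article or from Fortinet) that runs those checks over a constructed sample email; the brand-to-domain map and all hosts in the sample are assumed, illustrative values.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumed brand -> legitimate sending/link domains (illustrative, not from the article).
BRAND_DOMAINS = {"apple": {"apple.com", "itunes.com"}}

def registrable_domain(host):
    """Crude last-two-labels heuristic; a production tool would use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def extract_links(html):
    """Return (href, visible text) pairs; a regex is enough for the simple HTML used here."""
    return re.findall(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', html, re.I | re.S)

def analyse(raw):
    """Flag a brand named in the From display name whose sender address or links live elsewhere."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = email.utils.parseaddr(msg["From"] or "")
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue
        sender = registrable_domain(addr.rpartition("@")[2])
        if sender not in legit:
            findings.append(f"From name '{name}' but address is at {sender}")
        part = msg.get_body(preferencelist=("html",))
        for href, text in extract_links(part.get_content() if part else ""):
            host = urlparse(href).hostname
            if not host or registrable_domain(host) not in legit:
                findings.append(f"link '{text.strip()}' goes to {host}, outside {brand}'s domains")
    return findings

# Constructed sample modelled on the scam: "Apple" display name, foreign sender, random-looking refund link.
SAMPLE = """\
From: "Apple" <billing@refund-notice.example>
Subject: Your iTunes invoice
Content-Type: text/html

<html><body><p>Rentals: Arrival, Jack Reacher: Never Go Back</p>
<a href="http://x7qk2ph9.example/refund">Claim a full refund</a></body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("FLAG:", finding)
```

Run against the sample it reports both the mismatched sender address and the off-brand refund link; a message whose sender and links all sit under the brand’s own domains produces no findings.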

If you receive something like this that claims false charges to any of your accounts, it’s even better to go directly into your accounts from previously bookmarked links than to click anything in the message. It’s getting more and more difficult to detect phishing messages, so try to get into the habit of not clicking them and going into your accounts separately to avoid becoming the next victim. If all is clear in your account when you check that way, then you can be sure the message you received is indeed phishing.

Apple users are often the targets of phishing these days, and not only by email. Smishing, in which scammers use SMS/text messages to trick users, is on the rise as well. So watch for those fake links too.

Another tip for avoiding scams like this is to set charge alerts on your payment cards. You will get a message each time a charge above a limit you set is placed on your card. If you didn’t get an alert for the charges, it’s a clear signal that a phishing attack is at play.

© Copyright 2017 Stickley on Security