Apple ID and tax refund phishing scams are designed to steal credit card and banking details
01.11.2016 klo 16:48 - Updated 20.12.2016 klo 13:51
Update 25.11.2016: A phishing campaign is also targeting Finnish internet banking customers. Users have received fraudulent messages that urge the user to update their security settings. The messages are in Finnish. The link in the messages directs the user to a phishing page. For more information on this campaign please see the corresponding Information Security Now! article. (in Finnish).
Update 14.11.2016: Phishing emails requesting credit card details have also been sent in the name of the Finnish Tax Administration. Users have received messages claiming that they will receive tax refund of EUR 244.79 once they enter their details on the Tax Administration's website. Further information: Information security now! Phishing campaign in the name of the Finnish Tax Administration (10 November 2016) (in Finnish)
The NCSC-FI at FICORA has received reports of a very sophisticated phishing campaign targeted at Finnish users. Messages written in correct Finnish claim that the user's Apple ID has been changed, and urge the user to verify the ID by clicking the link on the email.
The phishing website looks legitimate and uses SSL/TSL encryption. The browser's address bar reveals the website to be a scam. The scam website requests the victim to enter a credit card number and CVV code to verify the ID. The NCSC-FI has been reported of Finnish victims.
Target group of the alert
All users of online services
Possible solutions and restrictive measures
- It is recommended never to open phishing messages or any links they contain.
- If you have entered your Apple ID on the scam website, change it immediately.
- If you have entered your credit card details on the scam website, contact the credit card issuer immediately (e.g. the bank).
- If you have entered your online banking codes on the scan website, contact your bank immediateley.
- https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2016/11/ttn201611011505.html (in finnish)