Attackers empty victims’ wallets ahead of iPhone 14 debut

Kaspersky experts have uncovered a slew of phishing pages claiming to be selling iPhone 14, but in reality aiming to empty victims’ bank accounts and steal their Apple ID details.

The phone will debut on 7 September, and between 10 and 25 August Kaspersky security solutions detected more than 8 700 new iPhone-related phishing sites. On 25 August alone, researchers detected a total of 1 023 iPhone-related phishing pages – almost twice the average number.

Before the release of any new iPhone, bad actors create fake pages where users can pre-order a new device at a discount, or buy one before the official launch. Since official photos of the iPhone 14 have not yet appeared online, malefactors use photos of older phone models to attract users' attention. 

The attention to the popularity of iPhones is not limited to the release of new models alone, as threat actors can gain a lot by getting access to a victim’s Apple ID, the account used to access Apple services such as the App Store, Apple Music, iCloud, iMessage, FaceTime, and more.

By imitating a standard Apple ID login page, hackers attempt to lure victims into entering their usernames and password on the phishing page. Cyber criminals often pressure victims by telling them they could lose their device at any moment due to some threat.

For example, Kaspersky researchers have found examples of phishing pages that suddenly appear on the screen of the device and warn the victim that “access to this Apple device has been blocked due to illegal activities”.

In order to unlock access to the device, the target is encouraged to call a fake Apple support number, manned by the attackers. Called 'vishing' (short for voice phishing), these schemes trick users into revealing personal information and bank details over the phone.

At times, follow-up pages can "lock" the computer screen, showing only the threat message, so that the user has no choice but to call the scammers' number.

To avoid falling victim to scams, Kaspersky recommends users check the authenticity of the Web site before entering personal data, and only use official, trusted Web pages.

Similarly, double-check URL formats and company name spellings, and never follow links from e-mails, but rather open a new tab or window and enter the URL manually.

Also, avoid logging into online banking and similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a secure network. Open networks can be created by criminals who, among other things, spoof Web site addresses over the connection and thereby redirect you to a fake page.