A new cell phone scam targeted at iPhone users tries to steal their Apple login details by sending a fake Spotify/iTunes email. The phishing email claims to be from Apple and Spotify. If a user clicks on the link, the email says the user had bought a year of Spotify Premium for $150.99 and links to a page to ‘review your subscription’. A fake Apple landing page – which looks like a real one – then asks for log-in details.
“One of the most common types of phishing is an email that contains a fraudulent link. In this case, users are likely to give away their personal information, because they will be obviously worried they might be charged $150,” said Ruby Gonzalez, Communications Director of NordVPN. “The supposed website of a trusted brand, such as Apple, creates a fake sense of familiarity, which misleads people into entering their private information.”
According to Apple, if a user receives an email asking them to update their account or payment information, they should only do so directly in their Settings on the Apple device that they are using. Users can update their passwords at appleid.apple.com.
NordVPN also recommends using its CyberSec feature, which is designed to block advertisements, malicious sites, and phishing links. While it’s still not available on iOS, CyberSec can be used on Windows, macOS, Linux, as well as on the mobile app for Android.
NordVPN provides these tips for spotting a phishing email:
- Check the sender’s address. Don’t just trust the display name – pay attention to the email address. If the domain looks suspicious (e.g., [email protected]), don’t open the email.
- Look for spelling and grammar mistakes. Serious companies don’t usually send out emails with bad grammar and basic spelling mistakes.
- Take a look at the greeting. Your bank or another legitimate institution would often address you with your full name. If you see a vague “Dear user” instead, remain vigilant.
- Don’t click on links– instead, hover your mouse on the button to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection.
- When in doubt, contact your bank or other institution over the phone or alternative email address and ask to confirm if the email is legitimate.
- In addition, two-factor authentication can be set on iOS devices. That way, a hacker would have to go through another control even if they have stolen a user’s login information.
For additional safety, use a VPN. Using a VPN when browsing can protect you against malware and phishing that targets online access points.