Apple, impersonated in a new phishing scam: 'Apple Play is blocked. Follow the instructions'

Manzana is not one of the technology companies most supplanted by cybercriminals, an 'honor' that belongs to Microsoft and by quite a bit, but it is a brand known to almost everyone that manufactures the best-selling mobile phones, which makes it an attractive hook for phishing scams. These are those in which cybercriminals They pose as a company or official body to obtain personal and banking information from the victims, with some invented reason. This has happened, once again, with a new phishing campaign that the National Cybersecurity Institute has warned about.

INCIBE has published a notice about this scam that uses Apple and its mobile payment service Apple Pay as bait to deceive their victims. The contact is initiated through an email, apparently sent by Apple, with the subject 'Apple Play is blocked. Follow the instructions'.

In the body of the message, which uses the logos and imitates the style of those of Apple, it is indicated that 'Apple Pay has been suspended on the device', without alluding to any reason, and that 'the Apple ID cannot be used to make payments with Apple Pay until it is reactivated'. Next, a link to the fraudulent websitein which cybercriminals seek to consummate the scam, in the sentence 'Reactivate Apple ID'.

Phishing mail impersonating Apple. INCIBE.

The approach It's already confusing in itself.. Just like with a Google account, an Apple ID is used across all of the company's services and it's like you have to reactivate everything because you've been 'locked out' of one in particular. As always in these cases, a look at the sender's email indicates that it does not come from Apple, since The domain corresponds to Webmail, a well-known email service provider.

Clicking on the link takes you to a fraudulent website that imitates an outdated version of the Apple, under a domain not related to the iPhone manufacturer and with other warning signs such as the top menu in English, although the content of the page is written in Spanish. In this step, the victim must enter your Apple ID.

Website created by cybercriminals that impersonates Apple's.
Website created by cybercriminals that impersonates Apple's. INCIBE.

After handing over your Apple credentials to cyber scammers, which is already a success for them, on the next page they warn of a 'suspicious login to your account' and ask for personal and banking information 'so we can verify your identity.' These, in addition to the name and surname, include the card number, expiration date and CVV, everything necessary so that cybercriminals can make payments with it. In case asking for bank details to verify an identity was not enough, the 'Continue on' that follows the form is yet another alert.

Cybercriminals already ask you about your account balance before stealing from you.
Cybercriminals already ask you about your account balance before stealing from you. INCIBE.

At this point in the scam, the cybercriminals have stepped up and ask the victim the balance you have in your bank, as well as specify the currency that corresponds. With all this information collected, cybercriminals will be able to use the victim's money as they wish.

If you have fallen for this scam, those affected should contact Contact your bankcollect all the information you have about the scam and report it to the State Security Forces and Bodies.