AppStore Users: Beware New Email Scam

Dennis Faas's picture

Apple iPad and iPhone owners are being targeted by a new scareware-like scheme this week, which uses a unique phishing strategy to frighten them into giving up their personal data.

Fake Email Spoofs Apple App Users

The scam is being reported by security company F-Secure, who say that hackers are using carefully designed emails to fool Apple fans.

An email appears in a target's inbox from the "Apple AppStore," telling the recipient that their recent app order "has been successfully cancelled." Those users who don't want that to happen are asked to click on the link "order information" to find out more. (Source:

Messages Appear after Legitimate App Purchase

Unfortunately, that link leads them not to a solution, but to a drugstore website. As of the time of this writing, it doesn't appear the link has led to the installation of malware. That said, users are warned to never peruse or use a website that appears without prompting.

In this particular case, hackers have shown some remarkable initiative. The fake messages tend to appear immediately after an iPad or iPhone user makes a purchase from the legitimate AppStore. No one -- not even F-Secure -- has yet figured out how the scammers know precisely when someone makes a purchase from the AppStore.

Potential for Attack Huge

The precision of this particular scheme is awful frightening, even if the link in question only leads to a sketchy website.

Given the scheme's yet-unknown ability to detect AppStore purchases, it's likely even the most careful and aware PC and Mac users would be duped into clicking on a malicious link.

Targeting the AppStore makes sense, given that Apple recently announced it's now released its 500,000th app for download. A recent report on the subject finds that the typical app costs about $3.64 and to buy every single one would cost an incredible $891,982.24. (Source:

Rate this article: 
No votes yet