Scots are being alerted to highly convincing phishing emails from fraudsters posing as Apple this week as new research shows a huge rise in cyber-crime over 2016. However, a sharp debate has broken out as to who should take more responsibility for fighting the scammers – customers or banks.
Cyber criminals are sending fake invoices, purporting to be from Apple, to thousands of email addresses in an attempt to scare recipients into thinking they have been wrongly charged for a product from the iTunes store.
The phoney invoice, which is almost identical to the real thing, encourages customers to apply for a refund through a prominent link labelled ‘Cancel and Manage Subscriptions’, which actually leads to a fraudulent website that asks for bank account details.
Variations of the scam include fake receipts for iTunes membership and Netflix membership as well as different apps and songs. All carry the iconic Apple logo as well as the standard iTunes invoice layout and format.
However, there are clues that give the game away. Genuine invoices from Apple are sent from email@example.com whereas the scams are sent from dummy email addresses. Moreover, real Apple receipts should contain your billing address and the last four digits of your card number, whereas the fraudulent emails only identify you by your email address.
Action Fraud, the national cyber-crime reporting centre, says the fake iTunes invoice is a longstanding phishing ploy and now the second most common scam of its kind in the UK. Apple says it never asks customers to provide personal information or bank account details via email and is urging anyone who receives the fake invoices to forward them to firstname.lastname@example.org.
It comes after a Glasgow-based man was jailed for 11 years last week after masterminding Britain’s biggest ever cyber scam, conning bank customers out of £113m. Feezan Hameed Choudary, 25, paid two corrupt employees of Lloyds Bank to provide them with customers’ bank details so he and his associates could cold-call small businesses and trick them into providing internet banking passwords.