Apple-svindel: Verify the account

Mange nordmenn er kunder av Apple, og en ny phishing-kampanje retter seg mot norske brukere.

Med advarsel om at kontoen blokkeres, vil e-posten lure deg til å tro at kontoopplysninger må oppdateres innen 48 timer:

E-posten inneholder flere lenker som peker til Apple.com-adresser. Likevel er det knappen "Update now" som folk vil klikke på, og denne peker et helt annet sted, slik som http://azikelpetroleum[.]com her:

På den aktuelle siden blir man møtt med et påloggingsvindu. Dette virker ganske generisk utformet, men godt egnet for å stjele brukernavn og passord. 

Aktuelle avsendere vi har sett inkluderer både Apple-Store[@]Account.com og iTunes-Store[@]Support.com

Her finner du nærmere rapport på et domene vi har sett brukt i samband med landingssiden, fra tjenesten URLquery.net:

https://urlquery.net/report/440f7722-89ee-4ae6-8b62-f117082b0fef

Last updated:

11 March 2019

Share this:

Language:

Norwegian

Show translation:

Engage

MailRisk analysis and response

Stop suspicious emails →

Influence

Simulated phishing and e-learning

Make training personal →

Cultivate

Metrics and measures for change

Build security culture →

Contact the author:

Erlend Andreas Gjære

Co-founder / CEO

(+47) 90 61 24 35

erlend@securepractice.co

Vil du at folk får hjelp når de mottar mistenkelig e-post?

Opplev hvorfor MailRisk ble kåret til beste nye sikkerhetsprodukt.

Kom i gang nå →

Continue reading

Simulated phishing: How to design a suitable scam

How do you prepare the most effective phishing email to serve the goal of your exercise? In the third part of this series on simulated phishing, we describe various approaches to designing phishing content.

How to succeed with security behavior change

To stay safe online, people need to care more about the security decisions they face every day. But unless the obvious gains obviously exceed the required effort, change is often avoided. Luckily, behavior change in general has been subject to a lot of research, and here are some takeaways for information security professionals.

Simulated phishing: Communications strategy

How do you prepare an organization for you to try and trick them? In the second part of this series on simulated phishing, we provide the outline for a communications plan.

See all posts →

Human security sensors ebook cover

Ready to get started?

We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:

  • How to nurture drivers for employee engagement
  • How to avoid common obstacles for reporting
  • Practical examples and steps to get started

Download free PDF →