NEWS FROM THE LAB - Tuesday, May 24, 2011

AppStore Phishing Posted by ThreatInsight @ 06:28 GMT

The next time you see another post on a phishing attack and think "there's no way I'm going to fall for that", you might want to reconsider. As general users become adept at detecting a phishing attempt, the authors are changing their tactics and are taking the time to learn about the target beforehand.

This e-mail for instance, was sent to a person who recently made a purchase from the AppStore on his iPad. The "coincidental" timing is enough to warrant at least an attention from the intended recipient. Combined with tricks such as spoofed address and vague links, the recipient might even fall for the trap.

AppStore Phishing

AppStore E-mail Phishing Text

So what happens if the recipient clicked on the link? Turns out that the link leads to a drugstore site. Odd. We are expecting it go to a fake iTunes/AppStore page, in which the recipient would be prompted to input his account details. But that didn't happen.

ThreatInsight post by — Rauf