Phishing email uses fake Apple Store branding to trick users

773 Million E-mail Address Compromised
Malicious email pretending to be from NETFLIX delivers phishing attack
Show all

Phishing email uses fake Apple Store branding to trick users


As cybercrime morphs and evolves in complexity, cybercriminals are increasingly preying upon emotions of cyber users in a bid to trick them into revealing confidential data online.

A case in point is a phishing email scam that MailGuard detected yesterday evening (AEST). Purporting to be from Apple Store, the email infiltrated inboxes using the same display name. It actually comes from a compromised domain and contains a very short message within its body. It informs the recipient of an invoice arrival from Apple for a recent purchase made. Recipients are advised to open a PDF attachment in order to view the invoice.

Here is a screenshot of the email:


APple blog


The PDF attachment contains a receipt for the purchase of a mobile game titled “Mobile Legends Bang Bang.” It contains several elements that makes the receipt look like a legitimate one from Apple, such as the inclusion of Apple Store’s logo, as well as a graphic image from the mobile game itself.

The receipt advises users to cancel the purchase immediately if they did not make the purchase or believe an unauthorised person has accessed their account. A link is provided to go to "Cancel and Manage Purchasing"

Here is the screenshot of the PDF:

mobile legend


After the user clicks this link, they are taken to a legitimate looking copy of the Apple login page. This is designed to harvest the login details of unsuspecting users.


This Apple ID login page utilises high-quality graphical images and elements that are normally found in legitimate Apple pages. Having convinced recipients that the email is actually from the tech giant, cybercriminals exploit on the well-established reputation of the brand to trick the company’s immensely large database of Apple users into divulging their confidential data.

While the email body in itself is not very sophisticated, the scam is a decently-executed one thanks to how it plays on users’ fears that their Apple ID has been compromised and/or has been used by someone who has access to their account. For instance, the scam contains safety disclaimers such as advising users to cancel their purchase “as soon as possible” if they believe they have been unfairly charged. By including disclaimers that are normally expected from an official notification originating from well-reputed organisation such as Apple, the receipt firstly builds trust with unsuspecting recipients. Simultaneously, it instils a sense of urgency among users, and prompts them to take action quickly by clicking on the provided link.

Despite the presence of such tactics, this email scam does contain several red flags for anyone who is vigilant enough to spot fake emails. For example, the email does not address the recipient directly at any point. Instead, it only refers to “Dear Apple customer” and “Dear customers” in the email body and the PDF attachment respectively. Several spacing and grammatical errors are also present in the receipt such as “This is a notification you recently purchasing on an Apple ID :”.

 MailGuard urges cyber users to be constantly on the lookout for such red flags, and to take extra precaution when clicking on links and providing confidential data online in order to prevent phishing attacks.

How to protect yourself against these e-mails


If you e-mails aren’t protected, you need to invest in a Mail filtering Service that cleans and removes Viruses and Phishing e-mails like this one, before they get to your mail box. Contact the team at QBT for more information on how our Mail Filter can protect your business.