Email request to confirm your Apple ID turns out to be a phishing attempt


MX Lab, http://www.mxlab.eu, has intercepted some email requests to confirm your Apple ID that turn out to be a phishing attempt.

The email is sent from the spoofed address “Apple <no-reply@apple.com>” with the subject “Vous devez confirmer votre compte Apple” and has the following body in the French language:

Cher client d’Apple,

Pour revenir a votre compte Apple, vous devez confirmer votre compte. C’est facile: cliquez sur le lien ci-dessous pour ouvrir une fenetre de navigateur securiser. Confirmez que vous etes le titulaire du compte et suivez les instructions.

hxxps://appleid.apple.com/confirm/OynS-uAtTw6W61X3oKA3PQ

Avant de vous connecter a votre compte sera confirmee, nous le faire savoir tout de suite.
Rapport, il est important car il nous permet d’empecher les fraudeurs de voler vos informations. Cordialement, apple.

Merci,
L’equipe d’Apple

S’il vous plait ne pas repondre a cet e-mail. Il a ete envoye a partir d’une adresse e-mail ne peut pas accepter les messages entrants.

This is a screenshot of the message in the inbox:

The embedded URL points to the site hxxp://penybonthotel.co.uk/apple/. This page contains a regular HTML redirect with the following code:

<meta http-equiv="refresh" content="0; url=hxxp://itunes.apple.verification.fr.morrisdrain.com/">

The first page shows a web site that appears to mimic an Apple web site. On this page, the Apple ID, email address and password are requested.

The 2nd page allows the user to fill in his credit card details. The small pop-up notification gives us a warning. The “Annuler” button (or Cancel button) doesn’t work, so you will have to close this pop-up warning with the cross at the top left.

After you fill in your credit card details, the site goes on to gather some personal details such as your address, city and country, but also the security question and the linked answer.

When all the hard work is done, you will get the following acknowledgement screen.

When using the “Continuer et sortir” button (Continue button), you will be redirected to the Apple store in France.

MX Lab recommends taking special care when receiving emails that ask you to confirm your Apple ID. Look for the signs that the email is a phishing attempt: a fake from email address, a strange embedded URL, HTML redirects, no HTTPS connections, bad translations, an abnormality in the design of the pages, and so on.
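
Several of the signs listed above (link text that differs from the real target, an HTML redirect, the brand name on an unrelated host, no HTTPS) can be checked offline against a message body or landing page. The following is an added example, not MX Lab's code: the function and parameter names and the anchor markup in the sample are assumptions, and the URLs are only parsed, never requested.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed input: the <a> markup is assumed; the URLs and the meta tag are the defanged ones quoted above.
EMAIL_HTML = ('<a href="hxxp://penybonthotel.co.uk/apple/">'
              'hxxps://appleid.apple.com/confirm/OynS-uAtTw6W61X3oKA3PQ</a>')
REDIRECT_HTML = '<meta http-equiv="refresh" content="0; url=hxxp://itunes.apple.verification.fr.morrisdrain.com/">'

def parts(url):
    """Refang hxxp(s):// for parsing only and return (scheme, lowercase host)."""
    u = urlparse(re.sub(r"^hxxp", "http", url.strip(), flags=re.I))
    return u.scheme, (u.hostname or "").lower()

class LinkAudit(HTMLParser):  # collects (visible text, href) pairs and any meta-refresh target
    def __init__(self):
        super().__init__()
        self.links, self.refresh, self._href, self._text = [], None, None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content") or "", re.I)
            self.refresh = m.group(1) if m else self.refresh
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html, brand_domain="apple.com", brand_label="apple"):
    """Return a list of findings; brand_domain and brand_label are hypothetical parameters."""
    p = LinkAudit()
    p.feed(html)
    findings = [f"meta refresh to {parts(p.refresh)[1]}"] if p.refresh else []
    for text, href in p.links + ([("", p.refresh)] if p.refresh else []):
        scheme, real = parts(href)
        shown = parts(text)[1] if "://" in text else ""
        if shown and shown != real:
            findings.append(f"link text shows {shown} but href goes to {real}")
        if brand_label in real.split(".") and not ("." + real).endswith("." + brand_domain):
            findings.append(f"brand label on foreign host {real}")
        if scheme != "https":
            findings.append(f"no HTTPS for {real}")
    return findings
```

Calling `audit(EMAIL_HTML)` reports the mismatch between the displayed Apple URL and the real target, and `audit(REDIRECT_HTML)` reports the redirect, the "apple" label on a non-Apple host, and the plain HTTP scheme.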