MX Lab, http://www.mxlab.eu, started to intercept an phishing email from the spoofed email address “Service Apple <firstname.lastname@example.org>” with the subject “Reactivation No: A3556P325LL346E?” and the following body:
Dear (e) client (e)
We inform you that your account is about to expire in less than 48 hours, it is imperative to conduct an audit of your information now, otherwise your account will be deleted.
Download the attached form and open it in your browser and make your request.
Why you email he sent?
The sending of this email applies when the date of expiration of your account will terminate.
Assistance Apple customers
The email comes with the attachment Apple.html. Once opened you will have the following screen:
The HTML page contains code to use an iframe and the real web form is hosted on hxxp://photosappl.bbsindex.com:89/apple.com/ca/index.html.
Once all the details are filled in, the user is redirected to the official log in page of Apple at https://secure2.store.apple.com/es/sign_in/.