Menu

Technology

New Phishing Attack Targets Apple iTunes, Security Firm Says

iTunes Scam

A new phishing scam targets iTunes users, seeking to con them into clicking a link by underscoring a massive purchase. The faulty math is even more reason to click on the link to some.PandaLabs

Got iTunes? Be careful, you might get iScammed too.

A new cyberscam has been targeting the tens of millions of users of Apple's iTunes music service, as crooks phish for confidential bank information. 

According to security analysis firm PandaLabs, a cleverly crafted e-mail is landing in e-mail in-boxes, informing people that they have made an expensive purchase on iTunes. The concerned user quickly tries to resolve the problem by clicking on a link in the e-mail -- which is always a mistake, though an easy one to make.

After clicking the link the user is asked to download a fake PDF reader, which redirects the user to infected Web pages (mostly Russian) containing Trojans among other malware that steal the user's personal details. 

“It never ceases to surprise us that the techniques used to trick victims continue to be so simple," said Luis Corrons, Technical Director of PandaLabs. "It's often difficult not to fall in the trap. That's why it's absolutely crucial that when you use platforms such as iTunes, and you receive these types of notifications, never go to the website through the e-mail, but rather from the platform itself."

Corrons told FoxNews.com that Panda has seen "around 300,000 e-mails pass through their spam filter over the last weekend alone," a relatively low number considering the vast flow of e-mail on the Internet today. But Corrons predicts "the number could be a lot higher in days to come."  

Panda was uncertain how many people have been taken in by the scam so far, however. 

"Whilst Panda do not have a figure on the numbers taken in by the scam, the Antiphishing Working Group has blocked some of the web addresses linked to the fake e-mail in order to protect users, he told FoxNews.com.

Apple did not respond to requests for confirmation of the scam, or questions about whether it plans to address the situation. But the company advises users who suspect they have received an e-mail that may be a phishing attack should forward it to reportphishing@apple.com.

FoxNews.com's SciTech section is on Twitter! Follow us @fxnscitech.