Scammers phishing for sensitive iPhone data

Summary: iPhone users beware - an ongoing phishing campaign impersonating Apple.com attempts to trick users into submitting sensitive device information that could potentially lead to the cloning of the device.

iPhone users beware - an ongoing phishing campaign impersonating Apple.com attempts to trick users into submitting sensitive device information, leaving the scammers in a perfect position to use the data in countless fraudulent ways.

Here are more details on the campaign, and on why phishers would want access to such information.

The phishing campaign has been in circulation for over two weeks, and continues to use the "FREE 1 Year Warranty Extension Offer" theme in emails with subjects such as "IMPORTANT: Your FREE iPhone Warranty Extension for 1 Year!", leading to a domain using fast-flux hosting infrastructure - www.apple.com.PHISHING.com/uk/iphone/warranty.htm.
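The URL above works because the trusted name sits in the subdomain labels while the domain actually registered belongs to someone else. The following check is an added example, not part of the original article: it flags links whose hostname embeds a protected domain under a different registrable domain. The `PROTECTED` set, the small suffix set (a stand-in for the full Public Suffix List) and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions: the domains to protect, and a tiny stand-in for the Public Suffix List.
PROTECTED = {"apple.com"}
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def hostname_of(url):
    """Return the lower-cased hostname, accepting URLs written without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(host):
    """Return the part of the hostname that somebody actually registered."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_brand(url):
    """Return the protected domain hidden in the subdomain labels, else None."""
    host = hostname_of(url)
    if registrable_domain(host) in PROTECTED:
        return None  # genuinely hosted under the protected domain
    labels = host.split(".")
    for brand in sorted(PROTECTED):
        want = brand.split(".")
        # Compare whole labels so that "pineapple.com" does not match "apple.com".
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return brand
    return None


def flag_links(links):
    """Return (link, registrable domain) for every link that embeds a protected name."""
    return [(u, registrable_domain(hostname_of(u))) for u in links if embedded_brand(u)]


# Constructed sample: the URL quoted in the article plus two benign links.
SAMPLE_LINKS = [
    "www.apple.com.PHISHING.com/uk/iphone/warranty.htm",
    "https://www.apple.com/uk/iphone/",
    "http://pineapple.com/offers",
]

if __name__ == "__main__":
    for link, owner in flag_links(SAMPLE_LINKS):
        print(f"suspicious: {link} (registered domain: {owner})")
```
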

What's also worth pointing out is that the phishers require the user to submit their email at the first stage of the process, presumably saving themselves time in validating it, or in an attempt to contact the recipient in the long-term requesting more data.

What are the phishers after? The email of the user, the serial number, the IMEI (International Mobile Equipment Identity), the type of iPhone (i.e. 3G / 3GS) and the capacity of the device (i.e. 16GB / 32GB).

Why would a phisher want access to such data? Some would point out that the interest stems from the blocked IMEI numbers of stolen devices, which can now be changed to ones that are not blacklisted. However, the long-term possibility of building inventories of such data, to be resold to criminals looking for ways to bypass prepaid SIM restrictions, is a fully realistic one.

Over the past year, there have been numerous developments internationally aiming to restrict the selling of prepaid SIM cards, which offer a safe haven for criminals since no personal identification is required/stored when purchasing them.

With safety measures varying from mobile carrier to mobile carrier, with only a few publicly disclosing the protections they've built in order to limit the use of cloned devices on their networks, there are still countries where the lack of basic restrictions is naturally resulting in demand for such data, which the cybercrime ecosystem can easily supply through phishing campaigns.

The entire business model can be undermined by the mobile carriers realizing the potential for abuse, and by those actually obliged by law to ensure such activities cannot take place within their networks.

Topics: Security, iPhone, Mobility

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
