iPhone users beware: an ongoing phishing campaign impersonating Apple.com attempts to trick users into submitting sensitive device information, leaving the scammers in a perfect position to use the data in countless fraudulent ways.
Here are more details on the campaign, and on why phishers would want access to such information.
The phishing campaign has been in circulation for over two weeks and continues to use the "FREE 1 Year Warranty Extension Offer" theme, in emails with subjects such as "IMPORTANT: Your FREE iPhone Warranty Extension for 1 Year!", leading to a domain using fast-flux hosting infrastructure: www.apple.com.PHISHING.com/uk/iphone/warranty.htm.
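The campaign URL above places the brand's real domain in the leftmost labels of a hostname that is registered under a different domain. The following check for that pattern is an added example, not part of the original article; the `BRAND_DOMAINS` list, the function names and the sample URLs other than the campaign one are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registered domains the brand really owns.
BRAND_DOMAINS = ("apple.com",)


def hostname_of(url):
    """Return the lower-cased host of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url            # bare "host/path" strings from email bodies
    host = urlsplit(url).hostname or ""  # drops userinfo and port, lower-cases
    return host.rstrip(".")              # ignore a trailing root dot


def classify(url, brands=BRAND_DOMAINS):
    """Classify a URL as 'legitimate', 'brand-in-subdomain' or 'unrelated'."""
    host = hostname_of(url)
    labels = host.split(".")
    # The brand domain must be the END of the hostname to be genuine.
    for brand in brands:
        if host == brand or host.endswith("." + brand):
            return "legitimate"
    # Otherwise look for the brand's labels anywhere before the tail,
    # e.g. www.apple.com.<other-domain>.
    for brand in brands:
        want = brand.split(".")
        n = len(want)
        for i in range(len(labels) - n):
            if labels[i:i + n] == want:
                return "brand-in-subdomain"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "www.apple.com.PHISHING.com/uk/iphone/warranty.htm",  # from the article
        "https://www.apple.com/uk/iphone/",                   # constructed
        "http://notapple.com/",                               # constructed
    ]
    for s in samples:
        print(f"{classify(s):20} {s}")
```
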
What's also worth pointing out is that the phishers require the user to submit their email address at the first stage of the process, presumably to save themselves time validating it, or in an attempt to contact the recipient in the long term and request more data.
What are the phishers after? The user's email address, the serial number, the IMEI (International Mobile Equipment Identity), the type of iPhone (e.g. 3G / 3GS) and the capacity of the device (e.g. 16GB / 32GB).
Why would a phisher want access to such data? While some would point out that phishers are interested in the practice because of the blocked IMEI numbers of stolen devices, which they can now change to ones that are not blacklisted, the long-term possibility of building inventories of such data to be resold to criminals looking for ways to bypass prepaid SIM restrictions is a fully realistic one.
Over the past year, there have been numerous developments internationally aiming to restrict the sale of prepaid SIM cards, which offer a safe haven for criminals since no personal identification is required or stored when purchasing them.
With safety measures varying from mobile carrier to mobile carrier, and only a few carriers publicly disclosing the protections they've built to limit the use of cloned devices on their networks, there are still countries where the lack of basic restrictions naturally results in demand for such data, which the cybercrime ecosystem can easily supply through phishing campaigns.
The entire business model can be undermined by the mobile carriers realizing the potential for abuse, and by those actually obliged by law to ensure such activities cannot take place within their networks.