Antivirus company ESET announced the distribution of a new phishing attack, where fraudsters collect credit card data, sending out letters on behalf of the App Store.
The potential victim receives emails from party App Store (actually, the scammers use the mailbox was on the Norwegian domain). The letter States that the user is subscribed to YouTube Music Key. Now, according to crooks, the trial period is over and monthly fee for use of the service will be of 9.55-29,55 Euro depending on the connected options.
Scammers hope that the recipient will immediately try to cancel the subscription to avoid the promised “withdrawal of funds”. It is assumed that the victim will click on the appropriate link (App Store Payment Cancellation Form) in the letter.
When you click on the link user will be redirected to the American domain. It hosts a fake page, “unsubscribe”, the design of which mimics the original App Store page. There the user is prompted to enter the card data, to prevent write-offs.
Commenting on reports of a phishing attack, Apple noted that the App Store will never ask for personal information or sensitive account information (such as passwords or credit card numbers) via email. Email messages that contain attachments, or links to third-party web sites, sent by the company, although it may seem that their sender is iTunes. Under any circumstances you should not enter your account information Apple on any third party web sites.