iPhish – fake iPhone warranty steals info

1 minute read

This week we’ve seen a spam campaign aimed at separating unsuspecting users from their iPhone details.

Messages have the subject “IMPORTANT: Your iPhone Warranty Extension for 1 Year!”, pretend to be sent from “[email protected]”, and look as follows (click to enlarge the image):

Recipients who feel like they can’t let this limited-time too-good-to-be-true special offer pass them by will find themselves redirected to the following page:

All you have to do is enter your phone’s serial number and IMEI number, as well as its type and capacity, and you’ll be all set. Don’t know how to get any of these numbers? Not to worry, there’s a link to help you find them … which has the cheek to point to a real Apple support page. In fact all the links on this page point you to the real Apple website – this is partly to allay suspicion, but also simply because it’s easier for the authors to copy an area of the real site than to be selective or creative.

Entering your credentials (no, I didn’t give them any real ones) takes you to this page:

Interestingly they don’t ask for some fairly basic information here – at no point do they want either your name or your phone number. There’s still a range of nefarious activities they could get up to though – one that springs to mind is that IMEI numbers are used by network providers to block connections from phones registered as stolen, so by harvesting details from live phones criminals might be able to launder stolen phones.

Whatever they plan to do with your iPhone details, it’s not going to be good. You’re enticed in with a warranty, but the only thing you’re going to get is ripped off.

Leave a comment