As the world celebrates the unveiling of four new models of iPhone 14 smartphones, cybercriminals are now targeting to empty buyers’ wallets.
Buyers ordering the iPhone 14, iPhone 14 Pro, iPhone 14 Pro Max, and iPhone 14 Plus smartphones online are warned to be vigilant.
Kaspersky, a cybersecurity solutions provider has flagged numerous phishing pages, offering to buy the 14 iPhone, but actually designed to empty victims’ bank accounts and steal their Apple ID accounts.
Before the launch of the new smartphone, more than 8,700 iPhone- related phishing sites were detected.
How do cybercriminals empty buyers’ wallets?
Once the news was out that the company Apple planned to launch the new iPhone 14, cybercriminals began creating fake store pages offering either to pre-order a new smartphone at a discount or to buy it before the official announcement.
Since official photos of the iPhone 14 have not yet appeared online, attackers use photos of older phone models to attract users' attention. After the victim enters their bank card data to pay for the purchase, funds will be debited from their card, but the user will not receive the order.
By also tricking the buyer into paying for an order on a fake page, cybercriminals can gain access to their Apple ID (an account used to access Apple services such as the App Store, Apple Music, iCloud, iMessage or FaceTime).
They then gain access to all of their victim’s email addresses and sign-in passwords, as well as contacts and payment information.
Cybercriminals can also access the victim's iCloud, where their personal photos, document scans, and other sensitive information is stored. These photos may later be used by attackers for identity theft or even blackmail.
The attackers can then pressure the buyers and inform them that they can lose their ordered device anytime, which makes the victim give in and make payments.
“Cybercriminals often monitor new trends much more actively than ordinary users. They are constantly looking for something trendy that would interest people, and therefore can be used as a bait to trick them into entering credentials or payment data."
"The presentation of the new iPhone 14 is no exception and every year we see the increasing activity of attackers around the annual release of new iPhone models. This is why users should always be especially careful and not enter their personal data on suspicious pages, to avoid falling victim to cybercriminals,” said Olga Svistunova, security expert at Kaspersky.