
Phishing — Fake Apple Invoice Delivered as Attached PDF

by Brett M. Christensen

Inboxes are being hit by emails with the subject line “#order detail” or  “Your receipt from Apple”.  The “from” line in the emails implies that Apple sent them. 

In some versions, the brief message that makes up the body of the emails simply notes that “all detail attached on PDF”. Other versions have a little more information, including the name of the product supposedly purchased. These also urge you to check a PDF attachment for details.

In fact, the emails have no connection to Apple and the attached PDF does not contain a genuine Apple invoice.

The emails are phishing scams designed to steal your Apple ID, your credit card numbers, and other sensitive personal information.

Here’s what the initial scam emails look like:

Apple Phishing Scam

From: Apple ld 
Subject: #order detail

all detail attached on PDF.

Attachment: #yourinvoice.pdf 

Here’s what the attached PDF looks like:

Fake Apple Invoice PDF

The scammers hope that you will click the Order ID link or one of the support links in the mistaken belief that you have been charged for a product or service that you never purchased.

All of the links in the PDF open a fraudulent website that looks almost exactly like the genuine Apple home page. After logging in on the fake site with your Apple ID, the following notice will be displayed:

Apple ID locked Scam Page

If you click “Unlock Account”, the following “Account Verification” form will appear.  The bogus form asks for your name, address and contact details, your credit card numbers, and the security question attached to your account:

Fake Apple Account Verification Form

After submitting the form, you may see a final notice that claims that you have successfully unlocked your account and reversed the supposed purchase.

But now the criminals can collect the information you supplied and use it to take control of your Apple ID. Once in, they can make purchases in your name, use your Apple email account to distribute spam, scam, and malware emails, and steal information from your iCloud files.

They can also use your credit card to conduct fraudulent transactions.  And, armed with all of the personal information they have gathered, they may also be able to steal your identity.

In this attack, the scammers have included the fraudulent invoice as an attached PDF in an attempt to thwart spam filters that may have otherwise flagged the email.
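Because the lure sits inside the attachment rather than the message body, a mail filter has to look at the PDF's link targets. The following is an added example, not part of the original article: a triage check that flags a message claiming to be from Apple when its PDF attachment links to hosts outside Apple's domains. The domain allow-list, the sender address, and the link URLs are assumptions constructed for illustration, and the regex only sees links in uncompressed PDF objects.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

APPLE_DOMAINS = ("apple.com", "icloud.com")  # assumption: illustrative allow-list
# Link annotations in an uncompressed PDF store their target as /URI (...).
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def is_apple_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

def pdf_link_hosts(pdf_bytes):
    """Hostnames of every link target found in the raw PDF bytes."""
    hosts = set()
    for m in URI_RE.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # drop escape backslashes
        hosts.add(urlsplit(raw.decode("latin-1")).hostname or "")
    return hosts

def triage(raw_email):
    """Return (filename, non-Apple hosts) for PDFs in mail that claims to be Apple."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    claimed = f"{msg['From']} {msg['Subject']}".lower()
    findings = []
    for part in msg.iter_attachments():
        if "apple" not in claimed or part.get_content_type() != "application/pdf":
            continue
        bad = sorted(h for h in pdf_link_hosts(part.get_content()) if not is_apple_host(h))
        if bad:
            findings.append((part.get_filename(), bad))
    return findings

def build_sample():
    """Constructed message modelled on the email above; address and URLs are made up."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (https://apple-id.example.net/unlock) >> >>\nendobj\n"
           b"2 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (https://support.apple.com/) >> >>\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = "Apple ld <billing@mail.example.org>"
    msg["Subject"] = "#order detail"
    msg.set_content("all detail attached on PDF.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="#yourinvoice.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The suffix match in `is_apple_host` is what keeps a lookalike such as `apple.com.example.net` from passing as an Apple host.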

Apple phishing scams are very common and take many forms.  The Apple website includes a page that explains how to recognise and report such scam attempts.
