Inboxes are being hit by emails with the subject line “#order detail” or “Your receipt from Apple”. The “from” line in the emails implies that Apple sent them.
In some versions the brief message that makes up the body of the emails simply notes that “all detail attached on PDF”. Other versions have a little more information, including the name of the product supposedly purchased. These also urge you to check a PDF attachment for details.
In fact, the emails have no connection to Apple and the attached PDF does not contain a genuine Apple invoice.
The emails are phishing scams designed to steal your Apple ID, your credit card numbers, and other sensitive personal information.
Here’s what the initial scam emails look like:
From: Apple ld
Subject: #order detail

all detail attached on PDF.

Attachment: #yourinvoice.pdf
Here’s what the attached PDF looks like:
The scammers hope that you will click the Order ID link or one of the support links in the mistaken belief that you have been charged for a product or service that you never purchased.
All of the links in the PDF open a fraudulent website that looks almost exactly like the genuine Apple home page. After logging in on the fake site with your Apple ID, the following notice will be displayed:
If you click “Unlock Account”, the following “Account Verification” form will appear. The bogus form asks for your name, address and contact details, your credit card numbers, and the security question attached to your account:
After submitting the form, you may see a final notice that claims that you have successfully unlocked your account and reversed the supposed purchase.
But, now, the criminals can collect the information you supplied and use it to take control of your Apple ID. Once in, they can make purchases in your name, use your Apple email account to distribute spam, scam, and malware emails, and steal information from your iCloud files.
They can also use your credit card to conduct fraudulent transactions. And, armed with all of the personal information they have gathered, they may also be able to steal your identity.
In this attack, the scammers have included the fraudulent invoice as an attached PDF in an attempt to thwart spam filters that may have otherwise flagged the email.
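An added example (not from the original article): a Python triage check for the pattern described above, where the display name claims Apple but the sender domain and the links inside the attached PDF point elsewhere. The allow-list, the sample message and its example.* domains are constructed assumptions, and the regex only sees link targets stored uncompressed in the PDF.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "apple"
BRAND_DOMAINS = ("apple.com", "icloud.com")  # assumption: local allow-list of genuine domains
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)  # PDF link action: /URI (target)

def on_brand(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def pdf_link_hosts(pdf_bytes):
    """Return hosts of /URI link targets found uncompressed in the PDF bytes."""
    hosts = set()
    for raw in URI_RE.findall(pdf_bytes):
        try:
            host = urlsplit(raw.decode("latin-1")).hostname
        except ValueError:  # malformed URL, nothing to compare
            continue
        if host:
            hosts.add(host.lower())
    return hosts

def triage(raw_email):
    """List reasons the message looks like brand impersonation with a PDF lure."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in display.lower() and not on_brand(sender_domain):
        findings.append(f"display name claims {BRAND}, sender domain is {sender_domain}")
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            for host in sorted(pdf_link_hosts(part.get_content())):
                if not on_brand(host):
                    findings.append(f"{part.get_filename()}: link to {host}")
    return findings

def build_sample():
    # Constructed sample modelled on the email quoted in the article; domains are placeholders.
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (http://login.example.net/appleid) >> >>\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = '"Apple ld" <billing@mail.example.org>'
    msg["Subject"] = "#order detail"
    msg.set_content("all detail attached on PDF.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="#yourinvoice.pdf")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one finding for the mismatched sender and one for the off-brand link in the PDF; an empty list means neither signal fired, not that the message is safe.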
Apple phishing scams are very common and take many forms. The Apple website includes a page that explains how to recognise and report such scam attempts.