More than 10,000 mailboxes were targeted by the attackers, according to the Armorblox researchers who discovered the attack. The attackers bypassed Microsoft Office 365 mail protection and nearly reached their victims.
Cybercriminals sent out an email titled "We have suspended your access to Apple services", which was intended to land in the mailboxes of thousands of people. The experts analyzed the email and concluded that the attack was meant to proceed as follows:
- The victim receives an email from a legitimate domain associated with Apple (icloud[.]com);
- The text of the email convinces the victim that the IT giant could not confirm the authenticity of their card and requires re-verification. The attackers apply psychological pressure, claiming that if the recipient fails to verify their card, they will lose access to FaceTime and iCloud;
- If the victim is persuaded by the text of the email, they follow the link included in it and enter their data on the linked page, which then falls into the hands of the attackers.
The researchers note that the attackers exploited the Apple brand against the backdrop of Black Friday and Cyber Monday sales in order to lower their victims' guard and easily gain their trust. In addition, Microsoft's security systems marked the attackers' email as safe. It would have reached the mailboxes of more than 10,000 users had the Armorblox systems not stopped the attack.