Apple Pay Phishing Scam

In the News 

Advertisements embedded in online media have become the source of many malicious attacks. In "Malvertising in Apple Pay Targets iPhone Users," Kacy Zurkus at Infosecurity Magazine discusses the detection of a phishing attack and redirection campaign that preys on Apple Pay users on both iPhones and Android devices. Zurkus explains that when clicked, a malicious yet legitimate-appearing ad on specific news and media sites, called PayLeak, prompts users to Zurkus details that the malware can determine whether one's device contains malware-detecting software and, if it does not, iPhone users are prompted to update either their devices or Apple Pay accounts, which requires inputting financial information.

Our Take 

Phishing campaigns are becoming increasingly complex and dangerous, and the endgame of such malicious attacks is the theft of your personal and financial information. While these attacks are designed to look legitimate and to trick the untrained eye, mindful online practices can protect you from falling into such traps. For the Apple Pay attack and many similar ones, a user must first click on a malware-embedded app. By refraining from clicking on unfamiliar ads, one can avoid the lure of such dangerous attempts. Similarly, an update prompt or a request to enter financial information should be verified before you comply with it. You can check whether an app needs updating on the App Store, or search online to see whether an update for your app or device is ready. Although it is essential to update your devices regularly, it is vital to do so with care, keeping in mind that malicious attackers may be aiming to steal your information.

Recommendations 

How can you protect your data and finances from phishing attacks and scams?  

  • Understand the risks of putting your personal information into the world, and only share what you have to   
  • Use safe password practices, and take advantage of Multi-factor Authentication where possible   
  • Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site    
  • Refrain from opening suspicious attachments   
  • Pay particular attention to messages that threaten to cut off a service or promise unlikely rewards – these are intended to get you to act quickly without thinking
  • Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected