It’s become an axiom in the cybersecurity arena that hackers and malware authors build their threats around the most popular online applications and trendy news topics. So celebrity-themed emails are suspect. Ditto messages disguised as correspondence from the Internal Revenue Service at tax time.
So is it any surprise that iTunes, Apple’s wildly popular music store, finds itself the focus of a new phishing scam?
Perhaps not, and it’s happening in a big way. Scammers believed to be operating out of Eastern Europe are targeting iTunes customers with a phishing campaign of official-looking emails that actually contain links directing users to malicious websites carrying the Zeus trojan malware. eSecurity Planet has the story.
Malware authors most likely based in Eastern Europe have devised a new phishing campaign designed to steal login and password information from iTunes customers.
According to security software maker AppRiver, the new scam, discovered this week, starts with an unsolicited email with the subject “Your receipt #” followed by a random number. The sender claims to be “iTunes Store” and spoofs the address donotreply@itunes[dot]com.