BANGKOK, Thailand – A new phishing tactic is raising concern among cybersecurity experts, using Apple’s legitimate notification system to deliver deceptive messages that appear authentic. Instead of sending fake emails, attackers generate real system notifications from Apple’s servers, which bypass many spam filters.
The method involves creating an Apple ID and inserting misleading text into the account’s name fields. When account details are updated, Apple automatically sends a notification email to the targeted address. Because the message originates from Apple’s infrastructure and passes authentication checks, it can appear in the primary inbox.
These emails often carry subject lines indicating that account information has been updated, while the greeting may include alarming text suggesting unauthorized purchases and urging the recipient to call a phone number. Those who follow the instructions may encounter individuals posing as support staff who attempt to obtain sensitive information, such as payment details or account credentials.
Security guidance advises users to avoid calling phone numbers in such messages, to verify account activity directly through official settings, and to carefully review content and confirm any concerns through trusted channels. (NNT)
