- Phishing emails “notify” victims of an active $50 subscription
- Victims can “cancel” the subscription by clicking a link in the message body
- The link leads to a fake login page where Apple ID credentials are collected
Cybercriminals are spoofing the identity of a popular video editing application to steal people’s Apple login credentials, security researchers warn.
Earlier this week, security outfit Cofense warned that it had identified a new phishing campaign. In it, the attackers impersonate CapCut, a video and graphic editing application developed by ByteDance, the company behind TikTok.
CapCut is extremely popular, with hundreds of millions of active users. It offers both a free tier and a paid tier, which attackers are now abusing.
Stealing login credentials
The phishing email imitates the CapCut brand to simulate legitimacy and “informs” the victim that they have just subscribed to the paid version, costing $50.
Further down in the email, the victim is offered the option to cancel the “subscription” if it was made by mistake.
With many mobile applications billing for their services by default, it is not completely irrational to trust the email and rush to cancel the subscription.
However, clicking the link redirects the victim to a fake Apple login page, where they are asked to provide their Apple ID credentials.
These credentials are then relayed to the attackers, who can use them to access people’s images, messages and other sensitive data. They can also use them to make purchases, causing direct financial damage as well.
The best way to defend yourself against these attacks, says Cofense, is to be skeptical about all incoming emails, especially those that demand that people urgently do something:
“This phishing campaign highlights the ease with which trust can be manipulated through branding and familiar urgency. By imitating the identity of CapCut/Apple and brandishing the threat of unwanted charges, the attackers guide the victims through a seamless two-stage credential theft process,” explain the researchers.
“The use of a fake verification step at the end is a subtle but strategic decision to delay suspicion and prolong the attack window. As always, skepticism is a critical defense – check URLs carefully, question unexpected prompts for sensitive information, and report suspicious messages.”
Via Cyberness