The Jason Clause Show

Apple Users Avoid this GDPR Phishing Attack

May 22, 2018

Be on the lookout for a new Apple-flavored email phishing attack.

A new European data privacy regulation goes into effect this week. It is called the General Data Protection Regulation (GDPR), and bad guys are using it as bait in a variety of ways. This scam looks like it is from Apple and claims that if you do not take action, your account will be "restricted". In reality, the attackers steal your identity and credit card information.

Do not click on links in emails or on social media that relate to any kind of problem with "GDPR". Delete the email, or forward it to IT and then delete it from your inbox.

Links:
Scam of the Week: GDPR Phishing Attack With Apple Flavor / Royal Wedding

Transcript:
Jason Clause: Welcome to the Jason Clause Show. I'm Jason Clause, your host, and today we gotta talk about cyber security.

Jason Clause: All right, all right, all right. Welcome, everybody, to the show. My name's Jason Clause, and I'm your host. This is the Jason Clause Show.

Jason Clause: Ordinarily, this podcast is dedicated to a lot of things, including technology, but I wanted to get out an episode really quickly, so excuse the brevity. But I was reading an article yesterday that I got from, it's called Cyber Heist News, and it's published by KnowBe4. And I just want to say thanks to the author of this.

Jason Clause: It points to a particular type of scam that's targeting Apple users, and it's leveraging concern around an acronym called GDPR, and many of you probably know what that is, but for those of you that don't, this is the security protocol or regulations that are going in place in Europe. The acronym stands for General Data Protection Regulation.

Jason Clause: And this episode isn't about that. There's a lot of articles about that out there. If you want to talk about it, give me a call. It's worthy of concern, but this isn't what it's about.

Jason Clause: What's happening is that malicious players are taking advantage of this, the same way they take advantage of the holidays or any other event to try to create anxiety or concern, or try to trick a victim into doing something that they wouldn't do otherwise.

Jason Clause: And in this case, what they're doing, is they're taking trepidation around GDPR and the fact that it just is this thing that people don't understand and they just feel like maybe some consequences are coming if they don't properly account for it.

Jason Clause: So this is an email that's sent out, looking like it's from Apple, targeting Apple users. And then telling them that their accounts are going to be restricted if they don't take action because of GDPR, and so the victim then will click on a link that will take them to a website that will, among other things, ask that victim to update their payment details, and boom. Now that's been stolen by the bad actor.

Jason Clause: So it follows a classic phishing sort of approach, but it's pretty well put together. There's also the website that have found, are pretty well done, meaning that if you're not really paying close attention to the address in the URL, you might fall into the trap.

Jason Clause: So this is something to be aware of. It's probably something to share with your team. Some of the tell-tale signs, the attacks don't seem to be very well targeted, so if you have users that aren't Apple users that are getting this, that's a good sign that you're on the list of targets. And then the other thing, of course, is the URL. It doesn't ... it's not an Apple web address at all, so look for that. Apple should be ... it should be www.