Fake GSX Notification Email Spam Leads To Apple ID Phishing Page

 Analysis by: Fjordan Allego

Rumors are circulating that iOS 8.4 is about to be released to the general public in the next few weeks, though Apple has kept mum about the exact date.

Last month, Apple made a surprise distribution of its iOS 8.4 beta to developers shortly after the release of 8.3. This makes it the third time that Apple has released a beta version of iOS 8.4, increasing the hype and anticipation for its public release. As with anything that attracts enough hype, cybercriminals have begun to take advantage of those looking forward to 8.4's release, specifically users with access to Apple's Global Service Exchange (GSX), Apple's online service portal.


Our team of engineers recently received samples of one such spam campaign. The spammed mail came with two links: the first promising to lead to an article that tells the reader how to download the new iOS, and the second a link to the official GSX secured site itself. Instead of directing users to the promised article, the first link leads them to a fake GSX page hosted on HostGator. Because the page is made to look exactly like the GSX login page, any Apple ID user may end up sending their credentials to cybercriminals if they use this fake page to log in.

This is just one of the many phishing mails targeting Apple users. While most of us are growing more wary of the links we click online, we also have to be extra careful when providing our account information to sites that may look legitimate at first glance.
 SPAM BLOCKING DATE / TIME: May 22, 2015 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:1562