In a predictable socially-engineered attack, cybercriminals took advantage of the iPhone5s launch through a phishing spam campaign. We found samples of the phishing spam itself, with these samples proclaiming that the reader's email has been randomly selected as a winner for a promotional event involving the latest Apple device. They then ask the user to select their prize through an online catalog by clicking a link, which then leads to a website that asks for their email and password credentials. Of course, this is nothing but a scam, and the 'online catalog' a mere phishing website designed to steal information from hapless users.
Users must always be cautious before clicking links in suspicious messages such as these. Constant vigilance is always key to distinguishing legitimate mail from malicious ones. If in doubt, delete them, or verify with their supposed source, but through non-electronic means (such as an inquiry posited to their hotline).
The spam and the phishing website it links to are already detected and blocked by the security solutions powered by the Trend Micro™ Smart Protection Network™.