- Статьи
- Internet and technology
- The light is on on the thief: scammers are exploiting Russians' interest in Apple's payment methods
The light is on on the thief: scammers are exploiting Russians' interest in Apple's payment methods
The prices of Apple recharge cards have increased dramatically, which has been exploited by both scammers and speculators. Under the guise of offers to change the region or sell inexpensive cards, the attackers began redirecting users to phishing links. Fraudulent bots have also appeared on the Network offering "air sale" schemes, when after payment the user is sent either an already used code or he does not receive the goods at all. The dangers of such offers and how not to lose your money are described in the Izvestia article.
Apple Gift Card Fraud
A sharp increase in interest in alternative payment methods for Apple services due to the introduction of new restrictions has provoked a surge in fraudulent activity, cybersecurity companies told Izvestia. The attackers quickly adapted their schemes to the new agenda and began actively using the topic of replenishing the App Store balance and circumventing regional restrictions to deceive users.
In recent days, the prices of Apple gift cards have increased significantly, in some cases by two or three times in a few days. On some sites, the margin reaches 1,500% of the nominal value: for example, users are offered to pay about 6 thousand rubles for replenishment of 500 rubles. This is due to the fact that such cards remain one of the few available payment methods for the company's services.
— Any restrictions or shortages instantly create a surge in fraudulent activity. When the usual payment method is disrupted, users start looking for workarounds, and it is at this point that the criticality of perception decreases," explained Yuri Tyurin, Technical Director of MD Audit (Softline Group).
According to him, the attackers create a sense of urgency and offer "simple solutions" — from cheap maps to help with changing regions, relying primarily on psychology rather than complex technical tools.
Cyber threat specialists also record a similar trend.
"The restriction came into force just a couple of days ago, but more than 50 new phishing resources related to Apple ID replenishment have already appeared," said Sergey Trukhachev, head of the Smart Business Alert service at ESA PRO.
He added that in this case, scammers do not invent new schemes, but use long—known mechanics - primarily phishing sites offering gift cards at low prices, as well as "help" services with payment, in which users are lured out of access to Apple ID. A separate segment has formed on ad sites, where the number of offers for "setting up" and circumventing payment restrictions has increased dramatically.
— Service offers like "I'll set up Apple Pay in 10 minutes", "I'll connect a turnkey foreign account" or "I'll activate payment without restrictions" appear on ad platforms. In reality, scammers often hide behind such offers," said IT expert Sergey Pomortsev.
According to him, users are offered to transfer access to a device or account, install third-party profiles, or follow questionable instructions. At best, such services turn out to be substandard, and at worst, a person loses access to their account or becomes a victim of data theft.
According to Maria Sinitsyna, senior analyst at the Digital Risk Protection department of F6, the first fraudulent domains began to appear almost immediately after information about possible restrictions appeared. According to her, the attackers disguise websites as official resources of an American company or digital goods stores, and also actively use ad platforms.
"Replenishment cards themselves are not dangerous, but attempts to purchase them online today are fraught with serious risks," she stressed.
In the press service of "M.Video" informed Izvestia that on March 31, there was a huge demand for replenishment cards for Russian accounts — they were sold out during the day. Currently, cards for accounts in other countries are available for sale. At the same time, the company intends to continue their implementation using the partner model, including for domestic accounts, the press service said.
What schemes are used by scammers?
Experts note that fraudulent resources are becoming more and more visually convincing.
— We have come across scam pages offering replenishment cards for the App Store and iTunes. They look very plausible: they simulate the application process and offer services with a commission," said Olga Altukhova, a cybersecurity expert at Kaspersky Lab.
According to her, it is important to check resources and avoid suspicious offers, especially if they look "too timely."
"Panic and misunderstanding of how to pay for subscriptions now create an ideal environment for intruders," added Lyudmila Bogatyreva, an expert at the Regional Public Center for Information Technology (ROCIT).
Among the common schemes are mailing lists with urgent calls to "unblock payment," as well as fake sellers in messengers and social networks that disappear after receiving an advance payment, she said. In addition, a scenario is being used to block devices through other people's accounts.
Vladislav Shelepov, a GSOC threat analyst at Gazinformservice, added that both bots and "air sale" schemes have appeared, when the user is sent an already used code or does not provide anything at all after payment. Offers of "help" are also actively being distributed, in which the victim is persuaded to log into someone else's account and then lock the device.
The key risk factor remains the desire of users to purchase cards at a price significantly lower than the market price or through unofficial channels, said Lyudmila Gladkikh, head of the Mobile department at SimbirSoft.
An additional threat is malware that can be distributed under the guise of tools to circumvent Apple-related restrictions. According to the Speakatel Cyber Threat Monitoring Center, the share of persistent malware that can survive removal attempts reached 28% in the first quarter.
"Such viruses can be dangerous for individuals because they steal passwords and card data, spy through a camera and microphone, and encrypt personal files with a ransom demand," explained Alexey Kozlov, a leading analyst at the center.
Of particular concern is the growth of sophisticated attacks on mobile devices. According to Positive Technologies experts, users are increasingly receiving notifications from Apple about possible device compromise, in which attackers can gain full control over their data.
According to experts, in such situations it is important not to take hasty actions — for example, not to reboot the device, so as not to lose the digital traces of the attack and be able to analyze it.
—Attackers disguise malware as "optimizers" and "patches", use phishing sites or use schemes to block devices by installing managed profiles, after which they demand a ransom," said Igor Bederov, head of the Internet Search company.
Experts agree: against the background of restrictions and shortages, fraudulent activity in this area will only grow, and users should exercise maximum caution — buy cards only from trusted sellers and not transfer account information to third parties.
Переведено сервисом «Яндекс Переводчик»
