Google Analytics

Search This Blog

Wednesday, January 25, 2012

Symantec Security Response: Beware of the iPad 3 Scam

Recently, Sean Butler came across a scam email that is trying to take advantage of the hype surrounding the yet-to-be-released iPad 3. The release date of the iPad 3 is still unknown but spammers are already jumping on the bandwagon in the hope of scamming people who will be eager to get their hands on one of these devices.

The scammers introduce themselves as Mark Zuckerberg, the CEO of Facebook. The email then states how Facebook have joined up with Apple for a one time promotion – to give away an iPad 3 at no cost. This is, of course, all false information but the scam attempts to entice potential victims by stating how they have been randomly selected from a Facebook database. It is possible that a user could potentially be deceived by this ruse if they receive this email to the email address they have used to register with Facebook.

The user is then asked to click on a link and fill out a survey. The goal of the scammers here is to obtain personal information from the user and to verify that their email address is valid, which they will undoubtedly use to send more spam to in the future. The scammer might also be making money through click fraud, whereby they make money every time a user clicks on the link to the survey.

Even though this email was targeting a Symantec customer, our advanced monitoring systems were able to identify this scam. Upon investigating this email further, it is easy to ascertain that it is a scam email due to the poor grammar used in the email and the fact that there is a spelling mistake within the email itself. If you suspect an email you received from Facebook is a scam, you can report it to them.

Of course, no one will know for certain when the iPad 3 will be launched until Apple confirms the announcement themselves. Whilst it would seem that this particular scam was sent in a very low volume, it is likely that we will continue to see a build up of iPad 3 related spam right up until the official launch date. There will also undoubtedly be similar related scams doing the rounds on social networking sites as well.

An example of the message.

Symantec advises Internet users to adopt the following best practices to avoid falling prey to phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.

No comments: