Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


No, Apple is not running an iPhone 12 trial - it's a phishing scam

Image Description

Apple fans are being warned to stay alert following the discovery of an online scam promising early access to the rumored iPhone 12.

Experts at security firm Sophos have warned about a "smishing" scam that lures victims in to thinking they are getting an early look at Apple's next smartphone, but instead end up having their bank accounts raided.

The company is now warning users to take extra care when clicking on links in both SMS messages and emails, with criminals looking to spread their activity using a variety of methods.

Smishing scam

Sophos revealed that the scam starts with an SMS message that lures victims in with information about a fake delivery at an address different to theirs. If the victim clicks on the link in the SMS, they are taken to a website where they are greeted with messages from a fake Apple chatbot which says they were chosen to take part in an iPhone 12 trial.

This eventually redirects the victim to one of a number of different scams sites, which claims there is a courier delivery charge for the "free" phone. This is typically between £1 and £2, again helping to lure victims in with a low cost, but accepting this takes the victim to a credit card payment form that's hosted on what looks like a "special offers" website.

This site may seem secure, and even boasts an HTTPS security padlock, but anyone looking to pay is just handing over your personal data, including your full card number and security code, to the criminals, giving them access to your accounts.

"Friends don't let friends get scammed," says Paul Ducklin, Principal Research Scientist at Sophos. "That's why we deconstructed this smishing scam in detail and made a video of the process. You can show it to the people who rely on you for advice about cybersecurity and let them see how it plays out - without having to click through yourself."


26 Sep 2020



Other Blog

  • AMD's next-gen Big Navi GPU clock speeds should concern Nvidia

    Rumors suggest the Radeon RX 6800 XT reaches over 2.5GHz

    Read More
  • Parrot TDS poses immediate risk to web developers worldwide

    Staying up to date with the ever-evolving security landscape is central to maintaining the security of webservers and keeping potential threats at bay. 

    There are several key threats to webservers that are important to be aware of, to prevent and mitigate those risks. DoS and DDoS attacks, SQL injections, unpatched software and cross-site scripting, to name a few. 

    Now, a recent discovery from threat researchers at Avast has shone a light on an immediate and significant risk to web developers worldwide, named Parrot TDS.

    What is a TDS?

    Traffic Direction Systems (TDS) are not new. They have been an enemy of web-developers for several years. Used as landing pages that direct unsuspecting users to malicious content, TDS serve as a gateway for delivering various malicious campaigns via infected sites.

    Many TDS’ have reached a high level of sophistication and often allow attackers to set parameters which look at users’ geolocation, browser type, cookies, and which website they came from. 

    This is used to target victims who meet certain conditions and then only display phishing pages to them. These parameters are usually set so that each user is only shown a phishing page once to prevent servers from overloading.

    Parrot TDS

    In February, Avast’s threat researchers discovered a swarm of attacks using a new Traffic Direction System (TDS) to take control of the victim’s devices. The new TDS, named Parrot TDS, emerged in recent months and has already reached hundreds of thousands of users worldwide, infecting various webservers hosting over 16,500 websites.

    One of the main factors distinguishing Parrot TDS from other TDS is how widespread it is and how many potential victims it has. From March 1, 2022, to March 29, 2022, Avast protected more than 600,000 unique users from around the globe visiting sites infected with Parrot TDS, including over 11,000 users in the U.K. In this timeframe, Avast protected the most users in Brazil (73,000) and India (55,000); and more than 31,000 unique users from the US.

    In this particular case, the infected sites’ appearances are altered by a campaign called FakeUpdate, which uses JavaScript to display fake notices for users to update their browsers, offering an update file for download. The file we have observed being delivered to victims is a remote access tool called NetSupport Manager which is misused by attackers to give them full access to victims’ computers.

    Parrot TDS also creates a backdoor on the infected webservers in the form of a PHP script to act as a backup option for the attacker.


    Like Parrot TDS, FakeUpdate also performs a preliminary scan to collect information about the site visitor before displaying the phishing message. The scan checks which antivirus product is on the device to determine whether or not to display the phishing message. 

    The distributed tool is configured in such a way that the user has very little chance of noticing it and if the file displayed by FakeUpdate is run by the victim, the attackers gain full access to their computer. 

    The researchers observed other phishing sites being hosted on the Parrot TDS infected sites, but cannot conclusively tie them to Parrot TDS. 

    CMS sites

    We believe attackers are exploiting webservers of poorly secured content management systems, like WordPress and Joomla sites, by logging into accounts with weak credentials to gain admin access to the servers.  

    WordPress has a long history of being a very rich and desirable target for exploits. This is because the software is based on running a series of PHP scripts, which is a popular venue for hackers. The sheer number of components, including plug-ins, themes, and other scripts, makes it hard to prevent potential infections or compromises.

    On top of this, many WordPress websites are running older versions that could be behind several major releases, which leads to security vulnerabilities being left unpatched. In addition, some administrators are inexperienced in IT operational security or simply overburdened with other responsibilities and can’t dedicate enough time to implementing the necessary security measures to ensure the safety of a WordPress site.

    How developers can protect their servers

    Nevertheless, there are steps web developers can take to protect their servers against these attacks, starting with simply scanning all files on the webserver with an antivirus program. Further steps developers can take are:

    - Replace all JavaScript and PHP files on the webserver with original files
    - Use the latest CMS version
    - Use the latest versions of installed plugins
    - Check for automatically running tasks on the webserver (for example, cron jobs)
    - Check and set up secure credentials, and use unique credentials for every service
    - Check administrator accounts on the server, making sure each of them belongs to developers and have strong passwords
    - When applicable, set up 2FA for all the webserver admin accounts
    - Use available security plugins (WordPress, Joomla)

    How site visitors can avoid falling victim to phishing

    For site visitors, it’s as crucial as ever to be vigilant online. If a site being visited appears different than expected, visitors should leave the site and not download any files or enter any information. 

    Similarly, visitors should only download updates directly from browser settings and never via other channels.

    Read More
  • Linus Torvalds pushes out emergency Linux update

    'Subtle but nasty bug' trashed several development workstations at Intel.

    Read More
  • Intel declares war on AMD with demo of Tiger Lake 8-core laptop CPU gaming at 5GHz

    Previously, Intel’s Tiger Lake mobile processors topped out at quad-core models, but not for much longer.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us