The ESET Research Laboratory found a phishing case sent by text message to victims of iPhone theft, aimed at obtaining their iCloud credentials and the unlock key.
The fraud reaches the victim at a stage after the phone has been stolen: after switching on a new device, the victim receives SMS messages reporting the alleged location of the stolen iPhone. If the user falls for the deception, they reach a fraudulent website that imitates the company's official website, where they are asked to enter their username.
The domain that appears in the URL does not match an official site; despite the similar appearance, it uses familiar words to lend credibility to the fraud and so make the victim fall for it.
"The victim of the iPhone's theft has fallen and so he sent the message to the ESET lab for analysis. We had to change the last characters of the link to reach the active site, showing that personal links are being sent to the victims of the theft of their devices and are looking for a greater success with every possible victim," said Camilo Gutierrez, Head of ESET Latin America Research Laboratory.
The alleged information comes through a text message. Photo: Courtesy ESET.
The only purpose of the page is to steal the credentials: when any information is entered, the site does not check whether the given credentials are correct, and it also insists that the user enter the cell phone's unlock key.
Once the iCloud password and cell unlock key are entered, the page redirects to a location on Google Maps.
In this case, it is a point in the province of Cordoba, in Argentina. When analyzing the two domains involved in the phishing redirects, ESET discovered that one of them (the one in the text message) was registered with data from Peru, but with an address at Av. Malvinas Argentinas, which coincides with the location indicated on the map, where the stolen cell phone was presumably found. Both domains have been registered in the past 60 days.
In addition, the URLs reviewed show signs of being intended for social engineering deception. Neither domain shows an active site at its top level; the pages appear only when accessed through the full links with subdomains. Analysis of the server's IP address also found that two other sites, which are already offline, had been hosted at this address, and that the phishing campaigns were created from there.
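The indicators described above (a non-official host built from familiar brand words, a registration within the past 60 days, and a bare domain that serves nothing) can be checked on a received link as in the following added example, which is not ESET's code. The allowlist, the word list, the function names and the sample links are assumptions made for illustration; the registration date and the bare-domain check are supplied by the caller.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumed allowlist of official hosts; extend it to match your own policy.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")
BRAND_WORDS = ("apple", "icloud", "iphone", "findmy")  # illustrative list
RECENT_DAYS = 60  # the article's domains were registered within the past 60 days


def is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage_link(url, registered_on=None, apex_serves_site=None, today=None):
    """List which of the article's indicators a received link shows.

    registered_on (WHOIS creation date) and apex_serves_site (does the bare
    domain serve a page?) are looked up elsewhere; None means "not checked".
    """
    if "://" not in url:  # SMS links often omit the scheme
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    if is_official(host):
        return []
    findings = ["host is not an official domain"]
    if any(word in host for word in BRAND_WORDS):
        findings.append("brand word in a non-official host")
    if registered_on is not None:
        age = ((today or date.today()) - registered_on).days
        if age <= RECENT_DAYS:
            findings.append(f"domain registered {age} days ago")
    if apex_serves_site is False:
        findings.append("bare domain serves no site; only the full link works")
    return findings


if __name__ == "__main__":
    # Constructed sample links on the reserved .example TLD, not the campaign's.
    samples = [
        ("https://www.icloud.com/find", None, None),
        ("icloud.com.findmy-located.example/id/a1b2", date(2024, 5, 1), False),
    ]
    for url, reg, apex in samples:
        print(url, "->", triage_link(url, reg, apex, today=date(2024, 6, 1)))
```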
The ESET Research Laboratory recommends not clicking on links you receive without first checking their origin and veracity and whether they come from an official website, just as with phishing messages that arrive by email.
"In this case, the victim of the iPhone's theft had to gain direct access to the iCloud website and take the necessary steps to use the mobile device's search engine. In this way, he could have confirmed whether or not his device was active and could be somewhere," Gutierrez said.
"Cyber criminals are constantly trying to improve their practices and adapt to the advancement of technology and the security options of the devices. It is important to report these facts, both the theft of the device and of the personal data, when one is a victim of phishing."
With information from ESET Colombia
Willmary Montilla – Colombia.com