Fake Apple Invoices
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Internet criminals are getting more and more inventive with their social engineering attacks. Here are two examples of fake Apple invoices. The first is an example from the Sophos blog showing a $699.99 charge for a postcard. The link “View/Download” ends in download.jpg.exe, while the “Cancel” and “Not your order” URLs end in check.php. The smart social engineering in these fakes is that the victim gets scammed either way, whether you are curious what this is about or upset with this seemingly unauthorized charge, you are still likely to click one of the links:
This excerpt appears with permission from knowbe4.com.