Scam targets Apple App Store customers

Phony e-mails tell people their App Store orders have been canceled, hoping they'll click on a link that whisks them to an online pharmacy.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read
F-Secure offers this image of a scam e-mail. Screenshot by CNET

One of the latest scams floating around cyberspace is aimed at people who recently bought items at Apple's App Store.

As described yesterday by security vendor F-Secure, scammers are sending out phony messages to users claiming that a recent order at Apple's App Store has been canceled.

F-Secure's blog post intimated that the scam was specifically targeting actual App Store customers. But instead the scammers seem to be employing the usual shotgun approach, targeting many people in hopes of hitting a certain percentage who actually just bought something through the App Store, Sean Sullivan, a security adviser at F-Secure, told CNET today.

Sullivan explained that he doesn't believe F-Secure has any evidence that the scammers had actual knowledge of who made App Store purchase.

"I think it's probably coincidental timing is all that we can say at this point," Sullivan said. "And the customers who sent this to us did so because of the concern that they wanted to double-check.

The fake e-mail contains a link that people are supposed to click to see their order information. But instead, the link takes them to an online drugstore.

The scam doesn't seem to deliver any actual malware, at least nothing that F-Secure noted. And the security firm was surprised that people weren't directed to a phony Apple App Store page where they'd be prompted to enter their Apple account credentials.

The scam itself doesn't appear to be widespread at this point but is instead based on a number of e-mails that F-Secure has received from multiple customers who received the message after having made a recent App Store purchase.

This latest scam follows another recent ploy in which people are prompted to click on a link in an e-mail that promises news about the iPhone 5. Described by tech site MacRumors, the link instead triggers an executable file that likely delivers a payload of malware.

An Apple representative declined to immediately comment.

Updated at 9:30 a.m. PT with more details and clarification from F-Secure.