Security Researchers Warn Users of iPhone 5G Scam

In the recent past, we witnessed scammers exploiting events such as Tsunami and Osama Bin Laden's death. Scammers also attempt to defraud people through tax refund scams.  Fraudsters are now trying to leverage popular products to deceive Internet users. Recently, security researchers at Internet security firm, Sophos identified a new iPhone 5G scam. Attackers purportedly send a specially crafted e-mail, which appears as a legitimate product promotion e-mail from Apple. The scam may easily dupe internet users as the e-mail appears to come from the vendor, and the subject line indicates introduction of black edition of iPhone 5. The e-mail lists the features of the iPhone 5G, and contains images of the product, leaving no reason for a non-technical user to doubt the authenticity of the e-mail. Attackers take advantage of the curiosity generated by popular products to trick users into believing false claims. In this case, the e-mails contain links. Internet users may click on the malicious links by misinterpreting them as directing to GIF files. However, the files have double extensions, which actually lead users to a malicious executable file.

Internet security professionals at Sophos have identified the malware as Troj/Zapchast-B Trojan. The malware affects Windows Operating system. Internet users must be skeptical of links provided in e-mails. They must verify the authenticity of the product promotion e-mail by directly visiting the vendor's website and viewing the product list. They must avoid clicking on links provided in e-mails, and downloading attachments with risky extensions. They must download anti-virus program from the website of a security vendor and update the program regularly to safeguard computer system and information. As attackers may target organizational users with different variations of such scam e-mails, organizations must train employees on safe computing practices through workshops, training sessions and e-flyers. Online computer degree programs may help employees in updating themselves of various types of online threats and security fundamentals.

Developers must coordinate with Internet security firms and alert people regarding any malicious campaign, spam and phishing attacks involving mention of products manufactured by them. Professionals qualified in in IT masters degree program, may help in timely assessment of security threats and initiation of appropriate security measures.

Proactive action is crucial to combat varied, sophisticated and frequent threats in the Internet environment. Developers, Internet security firms, security researchers, government bodies and organizations must coordinate and share information to prevent security incidents. Regular participation in webinars, security conferences and undertaking online technology degree programs may help professionals in keeping track of latest happenings in the security industry, emerging threats and foster security conscious culture.