I have just received what looks like a text message asking me to go to an Apple website and update my details. When visiting the site, it really does look like it is Apple - BUT IT ISN'T!
First, what I got does not appear to be a text - there is no way to see who sent it except the name of the sender, "InfoApp". This leads me to believe that this could be something called a push notification. This is a feature that is becoming more popular and generally is a great thing, but, like all methods of modern communication, can be abused. I don't often accept push notifications, unless it is from a trusted source and am searching to see if and how it was sent (I will keep you updated).
If you get this text/message
- do not click the link
- forward it to your service providers spam team
- delete it
A text only version of this scam has been around a while (see this article).
Tracking the owner of the domain was not difficult:
Registrant Name: Stewart Johnston
Registrant Street: xx Carnreagh
Registrant State/Province: Hillsborough
Registrant Postal Code: xxxxxx
Registrant Country: GB
Registrant Phone: +44.xxxxxx250828
Now, they could be an innocent party (or fake details), whose website has been maliciously taken over, but I wonder what they are doing about it? Interestingly, this domain was registered at 4.55 this morning and I got the message at 6.48 - quick work!
BTW, being a good citizen, I have reported this to the polices Action Fraud website. Whilst it asked me about the issue, it did not ask about specifics - is this just a statistics gathering exercise or a useful proactive tool? I have also reported it to the domain registrars.
Don't get caught out by this and similar ones.
UPDATE: 6th February 2017
I reported the domain to the registrars and am happy to report they they have suspended the domain and blocked the account owner.