A new malware attack has seen hackers use fake iTunes Store receipts in order to trick users into installing the Zeus malware, which steals financial details.
“Victims receive a cleverly crafted email informing them that they have made an expensive purchase on iTunes,” security firm PandaLabs said in a statement.
“The user, having never made the purchase to begin with, is concerned by the email and naturally tries to resolve the problem – in this case by clicking on the proffered (fake) link.”
After clicking on the link, users are taken to a website which installs a fake PDF reader. If the software is installed, the malware spreads throughout the computer.
PandaLabs said it is important that users click on links through unverified emails, but should instead visit the iTunes store and other websites through entering the URL themselves.
“When using services such as iTunes, it is absolutely crucial that users never go to the website via email, but rather from the platform itself where they can verify their account status.”
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
