The new Apple iPhone has only just been released and already there are a couple of scams surfacing!
The first one is delivered by email with the enticing promise of a free iPhone.
There is a hyperlink contained in the body of the email which supposedly takes the victim to a website where they can claim their ‘prize’.
However, the link actually points to a website that contains malicious code designed to take advantage of several flaws in Internet Explorer’s security.
Should this attack succeed, the target computer becomes infected with code that turns it into a zombie machine that will forward the coder’s spam for him.
The second scam uses a combination of methods in an attempt to scam it’s victims.
An associated webpage installs a trojan onto the target’s computer which has the purpose of exploiting vulnerabilities in Internet Explorer 6 and 7.
When the trojan is in place a visit to either Google.com or Yahoo.com will cause a pop-up to appear, advertising an iPhone through a site called iphone.com.
This site will normally redirect the user to an Apple run iPhone site, however, the trojan will redirect the user to a pharming site that spoofs iphone.com.
This spoofed site appears genuine and has all the Apple iPhone imagery you would expect to see.
After completing the fake order screens, the potential purchaser is then instructed to send payment via Western union or Moneybookers to an address in Latvia.
Obviously it goes without saying that you wouldn’t receive an iPhone from this Latvian address.
Even if you realise it’s a scam when you see the less than totally secure payment methods, you will already have given up details such as your name and address.
The best defence against this scam is to have up-to-date antivirus software installed, run a firewall and remember not to purchase from any site found through a pop-up.
If you are running Internet Explorer then make sure you have the latest patches and updates installed.