Internet users are being warned to be on the lookout for emails which claim to be from Facebook or Apple.
The warning comes after security experts found that cyber criminals have unleashed a massive campaign of ‘email spoofing’ designed to fool unsuspecting users into handing over their login details and other private data.
The data is then sold for a profit by hackers on the dark web or used to carry out ransomware attacks where user data is held until a ransom is paid.
The spoof emails easily fool some users as they look for all intents and purposes like a legitimate email and often include logos and are sent from what looks like a genuine email address.
A recent study by digital security firm Detectify claimed that cyber criminals are able spoof about half of the world’s most popular domains for use in imposter scams and email spoofing.
As well as the biggest social media sites, criminals are also targeting major news and media sites for their spam email campaigns, meaning that users could be bombarded with scam emails from what look like they are from some of the world’s best known websites.
The news comes just weeks after iPhone users were targeted in a text scam that tried to trick them into handing over the login details to their iCloud and iTunes account, which of course stores user credit card details.
Apple later confirmed to users that it never asks for sensitive or private information via email or text message.
“The iTunes Store will never ask you to provide personal information or sensitive account information”
A status update on the Apple website also read:
“Phishing refers to an email that attempts to fraudulently acquire personal information from you, such as your Apple ID, password and/or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it’s not.
“As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email. ”
As a rule of thumb, if you receive an email from anyone asking for credit card information, login details or other private data, regardless of how legitimate the email may appear to be, you should not hand over such information via email.