Skip to main content
Advertisement
Live broadcast
Main slide
Beginning of the article
Озвучить текст
Select important
On
Off

The number of fraudulent resources offering to buy Apple gift cards and certificates has increased in the Russian Federation. After reports that the FAS had given the company until July 15 to restore Russian applications in the store, the attackers began spreading information about the alleged imminent blocking of the American company's services in our country. According to experts, fraudsters have deployed hundreds of channels using virtual SIM cards to fictitiously sell such services. They place offers for the purchase of gift cards and certificates through "one-time" sites with Apple symbols that exist for several days to a week, as well as through Telegram channels. You can find out how to distinguish fake offers in the Izvestia article.

The phishing wave around Apple

In the Russian Federation, there is an increase in the number of fraudulent resources, the appearance of which is directly related to the news around Apple. The reason was the warning that the FAS issued to the company on July 1 due to the creation of discriminatory conditions for Russian search engines and failure to comply with the requirements for pre-installing domestic software on iOS devices. The Antimonopoly Authority demanded that the violations be eliminated by July 15, 2026. If these requirements are ignored, the service may initiate a case, following which the company faces a turnover fine of up to 4 billion rubles.

фас
Photo: IZVESTIA/Anna Selina

According to cybersecurity experts, the attackers used this information to launch new deception schemes. So, from June 8 to July 8, 2,659 domains with mentions of Apple were registered — an average of about 85 per day, Sergey Trukhachev, head of the Smart Business Alert (SBA) service at ESA PRO, told Izvestia.

— Every high-profile news about the company was accompanied by a sharp surge in the activity of intruders. So, after the FAS warning to Apple, 178 new phishing domains appeared in five days, which is 109% higher than the daily average. A similar situation was observed after VK apps were removed from the App Store: two days later, according to our data, 123 domains were registered, which is 44% higher than usual," he said.

The demand for services related to paying for purchases in the App Store, renewing an iCloud subscription, changing the account region and installing unavailable applications increased more than tenfold from April to July compared to the beginning of the year, the director of projects at ANO Digital Platforms and the head of the Association of Professional Users of Social Networks told Izvestia. and messengers by Vladimir Zykov.

Хакер
Photo: IZVESTIA/Sergey Konkov

— The user is faced with a household problem — he cannot pay for a subscription or install the necessary application. Against this background, dozens of intermediaries quickly appear, promising to resolve the issue in a few minutes. At the same time, it is becoming increasingly difficult to distinguish a legal service from a fraudulent one," the expert noted.

According to his estimates, the volume of the gray market of services related to the Apple ecosystem can already range from 5 to 15 billion rubles per year.

Criminals are actually monetizing information panic, said Igor Bederov, Chairman of the Council for Combating Technological Offenses of the Constitutional Court of the National Security Service of Russia, founder of the Internet Search company.

Apple
Photo: Global Look Press/Ken Asakura

— As soon as reports of possible Apple restrictions appear, scammers deploy advertising networks on social networks and instant messengers. They offer a "last chance" to top up an account or purchase certificates, playing on users' fear of losing access to familiar services, he explained.

According to him, the attackers are actively using one-time websites with the symbols of an American company that have existed for only a few days, as well as Telegram channels registered on virtual SIM cards. Such an infrastructure is created practically in a conveyor mode, which allows fraudsters to quickly launch new sites to replace the blocked ones.

What are scammers playing on?

Experts note that most fraudulent schemes are built around two scenarios. The attackers offer users to purchase non-working gift certificates or codes paid for using stolen bank cards, said the head of BI.ZONE Digital Risk Protection Dmitry Kiryushkin. Another common method of deception is to ask for a username, password, or verification code under the pretext of adding an Apple ID to your account remotely.

After gaining access to the account, the scammers change its recovery settings, lock the device using the "find iPhone" function, and then demand a ransom for the return of access.

Пароль
Photo: Global Look Press/Valentin Wolf

— Only the information occasion changes, while the schemes themselves remain the same. In one case, a person transfers money and does not receive the promised deposit code. In another case, it ends up on a phishing page, where it transmits bank card data, an Apple ID password, or a two—factor authentication code. Even more dangerous is the scenario in which a user is persuaded to grant access to an iCloud account or log in to someone else's account. After that, the attackers can turn on the lost mode, lock the device and demand money for unlocking it. At the same time, as in the case of extortionate programs, the transfer of funds does not guarantee the return of access at all," explained Pavel Kovalenko, director of the anti-fraud center at Informzashita.

According to Jet Infosystems, up to 40% of Apple ID replenishment codes that are sold "by hand" in messengers and on bulletin boards are invalid. They have either already been activated or purchased with stolen bank cards, said Stanislav Yanchev, an analyst at Jet CSIRT, a proactive monitoring service for external digital threats.

Хакер
Photo: IZVESTIA/Polina Violet

— Scammers often distribute links to fake apps, for example, promising to circumvent restrictions. When trying to log in using an Apple ID, scammers intercept access, remotely block an iPhone or iPad and demand from 10 to 60 thousand rubles for unlocking," he explained.

Such campaigns arise after almost any restrictions of the usual digital services, said Daria Koshkina, head of the Solar AURA external digital threat monitoring service at Solar Group.

— While the topic is being actively discussed, attackers are exploiting the emotional state of users. After a few months, interest in a particular scheme usually decreases, but then a new information reason appears," the expert said.

суд
Photo: IZVESTIA/Anna Selina

As Mikhail Shurygin, chairman of the ROCIT Commission on cloud Technologies and information security, explained to Izvestia, the FAS warning concerns exclusively compliance with antimonopoly legislation. If the regulator's requirements are not met, the next step may be the initiation of an antimonopoly case and the imposition of a fine, which does not automatically disable devices or services.

Experts recommend using only trusted services, not passing on usernames, passwords, and two-factor authentication codes to third parties, avoiding transfer payments to individual accounts, and being wary of offers to purchase gift cards with an unusually large discount or under the pretext of "Apple's final lockdown."

Переведено сервисом «Яндекс Переводчик»

Live broadcast