In a recent cybersecurity conference, Korean researchers revealed a new and sophisticated fraud scheme known as ‘Poisoned Apple’. This scam targets the Apple Store Online and takes advantage of the ‘Someone else will pick it up’ delivery service offered by the company. The researchers revealed that this scam has so far stolen more than $400,000 in the last two years.
The fraudsters use stolen credit card information, which may have been obtained through cyberattacks on more than 50 online stores in Korea. These attackers will then sell new Apple products at soft prices on online second-hand stores. Whenever someone shows interest in buying these products, the fraudsters use the stolen credit card information to purchase the product from the Apple Store Online. However, instead of requesting delivery, the fraudsters will select the ‘Someone else will pick it up’ option.
With this option, the fraudsters will designate an unsuspecting bargain shopper to come and collect the product using a QR code and identification. The buyer will then pay the fraudster through the online store, and the cybercriminals will earn a large profit. This scam is particularly dangerous as it exploits the trust of buyers in the Apple brand and delivery service, and victims unknowingly participate in the scam, facilitating the theft of money from an unsuspecting credit card holder.
Although this scam has mostly been discovered in Korea and Japan, researchers believe that it can be performed in many other countries with Apple Store Online. To avoid falling victim to this scam, users are advised to be cautious when buying online, especially at prices that seem too good to be true and to only purchase from reputable retailers.
