Sophos Report: Fake Apple Invoice Leaves You Vulnerable to Malware

In an era when online security and privacy are central questions, Sophos has today dropped the information that cyber criminals aren’t just targeting your applications — they can’t really, due to Apple’s ecosystem — but they have now found another way to get access to your private data: by convincing you to infect yourself.

According to a Sophos blog post, an email that claims to have been sent by Apple and carries an invoice (for a postcard, in the case they showcase) contains a link that leads the user to download a malware app aimed at logging your keystrokes. This ultimately has to do with gaining access to your bank account.

The Windows computer they used was running a Sophos anti-virus application — obviously — and after hitting the link in the email that normally would lead the user to Apple’s website, they landed on a site that claimed to be the IRS’s site and were prompted to update their browser with links to the “updates”.

As you may already have guessed, this is when you download the malware. In other words, check your emails twice before hitting the links provided in them.