Towerwall Security posted the following on September 10, 2013:

While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promises to give away the said devices for free, in the guise of a contest.

We saw samples of spammed messages that attempted to spoof an Apple Store email notification. The said message informs recipients that they won the latest iPhone 5S mobile phones and iPad.

Sample iPhone 5S phishing email

Figure 1. Fake Apple email

To get these prizes, they are asked to go to a specific website and disclose their email address and password. This will obviously result in their credentials ending up in the hands of cybercriminals.

iPhone 5S phishing email collection web form

Figure 2. Phishing page

The content of the message and the sender’s email address are obviously fake. However, its combination of perfect timing plus a popular social engineering hook may cause users to fall into the spammers’ trap. The most important thing to know is: “if it’s too good to be true, it probably is”.

Feedback provided by the Smart Protection Network indicates that this mail is particularly effective in targeting Southeast Asian users:

Nationality breakdown of iPhone 5S phishing email responders: 57% Malaysia, 17% Singapore, 8% Germany, 6% Japan, 4% Taiwan, 8% others

Figure 3. Most affected countries

Trend Micro blocks the said email message and blocks access to the phishing site.