Panda Labs is warning of a new phishing scam that targets Apple iTunes users.
ITProPortal explains users are sent an e-mail containing a seemingly real iTunes receipt, telling them that they have just made a very expensive iTunes purchase. The user, having never made the purchase to begin with, will likely try to resolve the problem by clicking on the fake link, says InformationWeek.
The link instructs the user to download a bogus PDF reader, which actually downloads multiple malicious files. The user is then redirected to a website containing the Zeus Trojan, which is designed to steal personal information.
PCMag.com quotes Luis Corrons, technical director of PandaLabs, as advising:
When using services such as iTunes, it is absolutely crucial that users never go to the website via e-mail, but rather from the platform itself where they can verify their account status.