Thousands of Scam Websites “Selling” iPhone XS and iPhone XS Max

Experts at Group-IB have reported a sharp increase in the registration of domains offering the new iPhone XS and iPhone XS Max smartphones, whose official sales in Russia only began today. Over the past three months, more than 5,000 such domains have been discovered—some of which are already being used by scammers for phishing, stealing bank card information, and collecting users’ personal data. According to the company’s estimates, in just the first month after sales begin, the potential revenue of the top 20 fraudulent sites could reach about $500,000.

Group-IB specialists have been monitoring the registration of domains mentioning iPhone and Apple since January 2007, when Steve Jobs introduced the first Apple smartphone. That year, 1,125 such domains were recorded, and by the end of 2015, the number had nearly doubled to 2,975. A new surge in the registration of iPhone-selling resources occurred in 2017, when Apple released three smartphone models at once.

iPhone XS and XS Max Launch Drives Online Fraud

This year, Apple’s new products—the iPhone XS and iPhone XS Max—were unveiled on September 12 at the Steve Jobs Theater, and official sales in Russia began today, September 28, 2018. According to re:Store, the number of pre-orders for these gadgets is 35% higher than last year—customers traditionally started lining up five days before sales began. The “hype” around the smartphones was seen not only at stores but also online.

“As we warned, online scammers decided to take advantage of the excitement around the iPhone XS and iPhone XS Max. In September, we recorded 12,260 domains mentioning iPhone, about 5,000 of which were registered in the last three months. These are run by both legitimate entrepreneurs and resellers, smugglers, and scammers. It takes just a few hours to set up a full-fledged phishing or scam site on a registered domain,” says Andrey Busargin, Director of Brand Protection and Intellectual Property Innovation at Group-IB.

Fake Sites and Phishing Schemes

On the eve of the Russian launch of the iPhone XS and XS Max, company experts analyzed the 20 largest resources appearing at the top of search results for “Buy new iPhone.” These include both phishing (fake) clones of real online stores and outright scam sites luring users with huge discounts (up to 80%) and aggressive advertising. On such sites, iPhones and their copies are offered at prices ranging from 10,500 to 120,000 rubles. By conservative estimates, the revenue of the top 20 scam resources could reach $500,000 (33 million rubles) in the first month of sales alone.

On some reseller sites selling “gray market” iPhones, prices for the new models before official sales in Russia ranged from 97,000 to a record 500,000 rubles. However, there weren’t many buyers: according to mobile operators, a total of 1,050 iPhone XS and XS Max devices have been registered in Russian cellular networks—only a third of those imported into the country so far. The risk of being scammed remains high: taking advantage of the hype, scammers often require prepayment of 50% to 100%. There’s no guarantee you’ll receive even a “gray market” phone—you might get a fake or the scammers might simply disappear with your money.

Phishing Threats on the Rise

Group-IB experts see phishing as the greatest danger amid the launch of new iPhone models. According to the Group-IB Threat Intelligence system, in September this year, the number of phishing resources targeting Apple product users doubled compared to the same period in 2017, reaching over 800 sites. Scammers not only copy the websites of official Apple dealers and register similar domain names, but also use the same marketing channels and tools as legitimate stores: they pay for social media campaigns, buy top positions in search results, use pop-up messages about special offers, and more.

Experts note that Instagram, due to its visual nature and focus on users who love taking photos with their phones, has become the main channel for promoting scam sites. Under the guise of contests, giveaways, or promotions with discounts of up to 50%, scammers collect bank card data, personal information, or use the previously mentioned prepayment scheme with no guarantee of receiving a new iPhone.