Apple faces new issue with in-store pickup for online orders- Full details on $400,000 scam
During the Black Hat Asia conference, security researchers exposed a clever cybercrime tactic that takes advantage of the ‘Someone else will pick it up’ feature on the Apple Store Online. This scheme has allegedly earned criminals more than $400,000 in a span of two years.
“Pickup” scam exposed
Cybercriminals use a two-pronged strategy to pull off their scams. At first, they sell Apple products at discounted prices on used online platforms in South Korea, such as Craigslist or eBay. After the buyer agrees to the purchase, criminals use the stolen credit card information to purchase the actual product at the Apple Store. Instead of sending the purchased item, they choose the “Someone else will pick it up” option. This allows a buyer who is unknowingly involved in the scam to pick up the product at an Apple retailer using an authorized ID and QR code/order number, reports 9to5mac.
The PoisonedApple program
Dubbed “PoisonedApple” by researchers Gyuyeon Kim and Hyunho Cho, the scam has proven to be lucrative. For one iPhone 15 purchased at a discounted price of $700 and later sold for the actual price of $800, the criminals make a profit of $700, all at the expense of the original credit card owner.
Apple’s position and research challenges
In some extreme cases, Apple’s reluctance to cooperate has hindered investigations. Despite victims’ attempts to report these incidents to card companies and the police, Apple’s internal policies have caused significant delays in investigations.
Global scope and culprits
Although the current scheme targets South Korea and Japan, researchers suspect that the culprits are based in China, as the phishing sites are registered through a Chinese ISP. Evidence also points to mentions of Simplified China on dark web forums, suggesting a possible expansion of this scheme to other regions, including the United States.
In light of these findings, it’s important to remain vigilant when shopping online and watch out for offers that seem too good to be true. Always make sure to verify the authenticity of sellers and platforms and report any suspicious activity immediately.