As Apple opened preorders for the new iPhone, Kaspersky detected a spike in scam exploiting the device’s launch hype, with fraudsters deploying fake websites, bogus lotteries, and phony “tester” recruitment schemes to harvest personal data and financial information. These attacks pose significant risks including personal data theft and financial loss.
One of the scams involves counterfeit websites which mimic Apple’s official store, luring users with preorders for the iPhone 17 “before it sells out”, only to capture bank card details upon checkout.
Scammers are also running fraudulent lotteries promising free iPhone devices as prizes, requiring participants to pass a survey, submit personal information (email addresses, phone numbers, etc.) and pay a delivery or service fee. There is also a fake feedback pane with users claiming to have received their “prizes”.
A scam webpage announcing iPhone “celebration gifts”.
Additionally, fraudsters are advertising “tester” opportunities for the iPhone 17, enticing tech-savvy users to provide contact details and shipping addresses, as well as pay a fee for delivery in exchange for supposedly early access units, which are never delivered and result in spam overload or targeted phishing follow-ups.
A scam with a survey to become a “tester” of the new iPhone.
“Cybercriminals thrive on the excitement of major product launches, turning consumer enthusiasm into a gateway for data breaches. We’ve seen these tactics evolve from crude phishing to highly polished sites that can look authentic. Users must prioritise verification over impulse to stay safe and avoid falling victim to these opportunistic threats,” comments Tatyana Shcherbakova, Web Content Analyst at Kaspersky.
To be protected amid this new wave of iPhone-related scams, Kaspersky recommends users:
- Purchase exclusively from official sources: Only buy the iPhone 17 through Apple’s website, authorised retailers, or verified carriers to avoid counterfeit sites.
- Verify URLs and avoid unsolicited offers, ignore any unsolicited emails, texts, or ads promising deals or prizes.
- Never share personal data for “freebies”: Legitimate contests rarely require sensitive information upfront — treat any request for your name, card details, or addresses as a red flag.
- Enable multi-factor authentication and monitor accounts: Activate 2FA on Apple ID and financial apps and regularly review statements for unauthorised activity.
