Criminals have been sending fake CapCut invoices to steal Apple ID credentials and credit card information.
CapCut, a ByteDance short-form video editing platform, is dominating the market, making it an extremely lucrative target for cybercriminals. Cybersecurity company Cofense recently observed a new phishing campaign, designed to steal Apple ID logins.
Cybercriminals have been faking invoices from CapCut, mimicking official branding. Usually, an unsuspecting user gets a “subscription confirmation” letter. Upon seeing that it would cost them $50, the user rushes to press “cancel subscription,” which is nothing more than a trap.
The user is then redirected to a fake Apple ID login page and prompted to enter their credentials.
Threat actors also prompt victims to add credit card information for the refund.
Users might not suspect anything until the very end, as the campaign is designed to avoid arousing suspicion.
“This phishing campaign highlights how easily trust can be manipulated through familiar branding and urgency. By imitating CapCut’s/Apple’s identity and dangling the threat of unwanted charges, attackers guide victims through a seamless two-stage credential theft process. The use of a fake verification step at the end is a subtle yet strategic move to delay suspicion and extend the attack window,” Cofense said.
Best defense? Skepticism, the company said. Upon receiving a similar email, do the following:
- Carefully check URLs
- Question unexpected prompts for sensitive information
- Report suspicious messages
Your email address will not be published. Required fields are markedmarked