Popular TikTok video editor CapCut used to trick victims in phishing scam

Phishing emails "notify" victims of an active $50 subscription
Victims can "cancel" the subscription by clicking on a link in the email body
The link leads to a fake login page where Apple ID credentials are harvested

Cybercriminals are impersonating a popular video editing app to steal people's Apple ID logins, security researchers are warning.

Earlier this week, the security outfit Cofense warned about spotting a new phishing campaign. In it, the attackers spoof CapCut, a video and graphic editing app developed by ByteDance, the company behind TikTok.

CapCut is immensely popular, boasting hundreds of millions of active users. It offers both a free tier and a paid tier, and the paid tier is what the attackers are now abusing.

Stealing credentials

The spoofed email imitates CapCut's branding to boost legitimacy, and "notifies" the victim that they have just subscribed to the paid version, costing $50.

Further down, the email offers the victim a "cancel subscription" link in case the purchase was made by mistake.

With many mobile apps charging for their services by default, it is not completely irrational to trust the email and rush to cancel the subscription.

However, clicking on the link redirects the victim to a fake Apple login page, where they are asked to provide their Apple ID credentials.

These credentials are then relayed to the attackers, who can use them to access the victim's images, messages, and other sensitive data. They can also use them to make purchases, causing direct financial harm as well.

The best way to defend against these attacks, Cofense says, is to be skeptical of all incoming emails, especially those that require people to do something urgently:

"This phishing campaign highlights how easily trust can be manipulated through familiar branding and urgency. By imitating CapCut's/Apple's identity and dangling the threat of unwanted charges, attackers guide victims through a seamless two-stage credential theft process," the researchers explain.

"The use of a fake verification step at the end is a subtle yet strategic move to delay suspicion and extend the attack window. As always, skepticism is a critical defense—check URLs carefully, question unexpected prompts for sensitive information, and report suspicious messages."

Via Cybernews
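The check Cofense recommends, comparing where a link actually goes with the brand it claims to represent, is the kind of thing a mail filter can do before a user ever sees the "cancel subscription" button. The block below is an added example, not code from Cofense, TechRadar or CapCut: it parses a constructed HTML message modelled on the campaign described above, extracts every link, and flags any whose host does not belong to a brand invoked by the message body, the link label or the hostname itself. The brand allowlist, the keyword lists and the sample message (whose phishing host uses the reserved .example TLD) are assumptions made for the example.

```python
# Added illustration (not Cofense's, TechRadar's or CapCut's code): extract every
# link from an HTML e-mail body and flag those whose target host does not belong
# to a brand the message invokes.  Brand lists and the sample message are assumptions.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: registrable domains a genuine Apple or CapCut notice would link to.
BRAND_HOSTS = {
    "apple": ("apple.com", "icloud.com"),
    "capcut": ("capcut.com",),
}

# Keywords that signal which brand the body text, link label or hostname leans on.
BRAND_KEYWORDS = {
    "apple": ("apple", "icloud"),
    "capcut": ("capcut",),
}

# Constructed sample modelled on the campaign; the phishing host uses the
# reserved .example TLD and is not a real attacker domain.
SAMPLE_EMAIL = """<html><body>
<p>Thanks for subscribing to CapCut Pro. Your card will be charged $50.</p>
<p>Made by mistake? <a href="https://appleid.apple.com.billing-review.example/login">Cancel subscription</a></p>
<p>Need help? <a href="https://www.capcut.com/help">CapCut Help Center</a></p>
</body></html>"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible label) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._label = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._label = []

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._label).strip()))
            self._href = None


def host_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one.
    Checking the suffix on a label boundary keeps 'apple.com.evil.example' out."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def brands_mentioned(text):
    """Brands whose keywords appear anywhere in the given text."""
    low = text.lower()
    return {b for b, kws in BRAND_KEYWORDS.items() if any(k in low for k in kws)}


def flag_brand_mismatches(html_body):
    """Return findings for links whose host matches none of the brands claimed
    by the message body, the link label, or the hostname itself (lookalikes)."""
    parser = LinkExtractor()
    parser.feed(html_body)
    body_brands = brands_mentioned(re.sub(r"<[^>]+>", " ", html_body))
    findings = []
    for href, label in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:/tel:/javascript: links are out of scope here
        host = parsed.hostname or ""
        claimed = body_brands | brands_mentioned(label) | brands_mentioned(host)
        if claimed and not any(host_matches(host, BRAND_HOSTS[b]) for b in claimed):
            findings.append({"host": host, "label": label,
                             "claimed": sorted(claimed), "href": href})
    return findings


if __name__ == "__main__":
    for f in flag_brand_mismatches(SAMPLE_EMAIL):
        print(f"SUSPECT: '{f['label']}' -> {f['host']} (claims {', '.join(f['claimed'])})")
```

The suffix test in host_matches is the part that matters: an attacker can place appleid.apple.com at the front of their own registrable domain, and a plain substring check would accept it, which is the same trick that fools a person who only reads the start of the URL. Because the article describes a link that redirects before landing on the fake Apple page, a production filter would also follow redirectors and tracking links to their final destination before applying this comparison.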