Just when I've written about a new kind of phishing which can bypass pretty much all known anti-phishing methods, along comes not so much another type, but another target.
Rather than targetting bank users, this one is targetting cellphone accounts.
The email I received was an image, designed to look like a text email from Apple. It claimed that registering your phone by following the link would extend your warranty by 1 year.
This is, of course, designed to look exactly like an Apple-themed email would.
When you click on the link in the image, or in fact, anywhere on the image at all, it takes you to a web page with a form on it.
This form, again, is on an Apple themed page, with many links on the page going directly to Apple's website. Undoubtedly, this page formatting code was lifted directly from Apple, and modified slightly to direct your data to the scammer.
The form asks for 4 pieces of information, although probably only 2 are really necessary to the scammer.
The most important one is the IMEI number. This is the number which uniquely identifies your phone to the phone company. Unfortunately, this number can be cloned to a new phone. That's exactly what these phishers will be trying to do, I'd guess.
If they get a legitimate IMEI number, they can clone it to another phone, then burn up your local minutes, or make long distance calls around the world for free, and it won't be noticed for another month, until you get your next phonebill. Add in a couple of weeks or more of haggling with the phone company, and they've probably got two months of free phonecalls.
It could very well be that they're selling these cloned phones on the black market, stating that service is paid for for a number of months.
It's also possible that they would use these cloned phones to listen to your phone conversations, hoping to gain more personal information to use for more serious identity theft, although that would be much more labour intensive than I would think would be worthwhile.