A friend messaged me about a website he found. “Hey,” he wrote, “I saw a preorder site that says ‘guaranteed iPhone 17 before everyone else’, but it only asks for card details and shipping fee up front. Seems too good to be true.”
His suspicion was completely justified. That single website is part of a much larger trend, the very kind of scam that Kaspersky warns is now a global problem. To capitalise on the hype for Apple’s iPhone 17, scammers are launching fake websites, fake lotteries, and “tester” recruitment ploys. They build these schemes specifically to harvest your money and personal data.
Common Scam Tactics and How They Work
Here is a breakdown of the most frequent schemes scammers use:
- Fraudulent Preorder Sites: Scammers create websites that impersonate official stores, promising priority access if you preorder. When you enter your payment details, they steal your financial information without ever sending a product.
- Fake Giveaways and Lotteries: Headlines like “Win a Free iPhone!” are designed to lure you in. The scam requires you to complete a survey and then pay fraudulent “delivery fees” or “service charges,” but the prize never materialises.
- Phony “Tester” Programs: Scammers offer you early access to a new product by inviting you to be a “tester.” They use this pretext to collect your personal information and charge for shipping, but you only receive more spam and phishing emails in return.
According to Tatyana Shcherbakova of Kaspersky, these schemes have evolved beyond the unsophisticated phishing attempts of the past. She warns that scammers now create highly polished websites, complete with fake customer reviews, making them convincing enough to fool anyone who isn’t paying close attention.
Preorder Scams Are Just the Tip of the Iceberg
To combat the growing threat of online fraud, Kaspersky recently enhanced its Digital Footprint Intelligence (DFI) service by adding a new External Attack Surface Module.
This new module is significant because scammers frequently exploit the weak points in a company’s external attack surface. These vulnerabilities, such as fake websites, expired domains, or poorly configured infrastructure, create opportunities for attack.
The module helps organisations actively monitor their exposed digital presence, including forgotten domains, expired certificates, and shadow IT. This serves as a critical reminder that fake preorder sites don’t appear randomly; they capitalise on a disorganised digital footprint.
How One Click Leads to Crisis
Consider this scenario: You’ve saved up for the iPhone 17 and click a preorder link from a professional-looking ad to enter your payment details. The fraudulent site is so convincing that you overlook subtle misspellings in the domain name or unfavourable terms buried in the fine print. Weeks later, your phone never arrives, but you discover a charge on your bank statement, perhaps alongside mysterious, recurring subscription fees.
Worse, the criminals now have all the personal data you provided: your address, email, and credit card information. They can use this data for more phishing schemes or sell it online. This is how a brief moment of excitement can lead to severe consequences like identity theft and financial fraud.
How to Stay Sharp (Because You’re Not a Target; You’re a Potential Victim)
To avoid falling for this kind of scam, Kaspersky suggests:
- Preorder only via Apple’s official site, authorised resellers, or trusted carriers.
- Double-check the URL: look for misspellings, odd extra words, or subdomains pretending to be Apple.
- Ignore unsolicited messages/packages that promise freebies, survey rewards, or “tester” roles in exchange for fees or personal data.
- Watch account activity for unexpected charges or login attempts.
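The URL check in the list above can be automated. The sketch below is an added example, not Kaspersky's tooling; it flags the three patterns named there (misspellings, extra words, and subdomains pretending to be Apple). The allow-list, the brand keyword, the verdict names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the allow-list and the brand keyword.
OFFICIAL = {"apple.com"}
BRAND = "apple"

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Classify a URL's hostname against the official domain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "invalid"
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    if registrable in OFFICIAL:
        return "official"
    # Brand name used as a subdomain of someone else's domain.
    if any(BRAND in label for label in labels[:-2]):
        return "brand-in-subdomain"
    name = labels[-2]
    # Brand name padded with extra words, or used under another TLD.
    if BRAND in name:
        return "brand-on-unofficial-domain"
    # One-character typo of the brand in any hyphen-separated token.
    if any(edit_distance(tok, BRAND) <= 1 for tok in name.split("-")):
        return "misspelling"
    return "unrelated"

# Constructed sample URLs using the reserved .example TLD.
SAMPLES = ["https://www.apple.com/shop", "https://apple.com.preorder-now.example/pay",
           "https://apple-iphone17-preorder.example/", "https://app1e-store.example/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{check_url(u):28} {u}")
```

The one-edit threshold is a heuristic that will also flag some ordinary words, so treat a "misspelling" verdict as a prompt to look closer rather than proof of fraud.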
A Proactive Defence Against Preorder Scams
Scammers expertly manipulate the powerful emotions of preorder season: the intense anticipation, the desire to be first, and the social media buzz. They capitalise on this collective rush, turning public enthusiasm into their personal opportunity.
However, you can build a strong defence with the right approach. An effective security strategy combines corporate tools with individual caution. For companies, solutions like the External Attack Surface module are vital for securing their digital assets. For individuals, vigilant awareness is your primary defence, because once scammers steal your data, reversing the damage is incredibly difficult.
If you are waiting for the iPhone 17, channel your excitement into diligence rather than acting on blind impulse. Inspect before you click. Verify before you pay.