Watch out for emails that market free event tickets, passes or electronic gift cards. These bogus emails include a file attachment that ends with .pkpass (shown in picture above). These .pkpass files are a special type of archive file that packages up data and files. Typically when you open a .pkpass file, it adds information to your Apple Wallet. Hackers can create fake files that look like electronic tickets to events or tickets for services. They can also create files that look like digital gift cards.

An innocent victim normally opens the .pkpass archive by double-clicking on the email attachment. Double-clicking on the archive launches code that then installs fake tickets, passes or digital cards into the victim’s digital wallet on their iPhone. The danger is that hackers embed malicious links in these files that infect the person’s device with malware or redirects them to malicious websites that steal their personal data. The process is often seamless and goes undetected by the victim until it is too late.

Always proceed with caution when receiving emails that include file attachments. Phishing email attacks are one of the most common and effective methods that hackers use to trick innocent victims. Simply delete suspicious emails from strangers without clicking on them or opening the file attachments. Also make sure that you keep your devices up-to-date by downloading and installing system updates as soon as they are released. Stay safe out there!