Online criminals have wasted no time in exploiting Friday's much-hyped launch of the iPhone.
The Sans Internet Storm Centre has warned of an email scam that lures users with the promise of a free iPhone.
A second attack uses a mixture of social engineering, malware and cross-site scripting to defraud victims.
The attack is launched when a user visits a specially crafted web page that attempts to exploit a number of previously disclosed vulnerabilities in Internet Explorer 6 and 7 to install a Trojan application.
Normally, www.iphone.com will redirect to Apple's iPhone page, but the Trojan spoofs the iPhone.com domain name and directs users to a fake retail site claiming to be iphone.com and using Apple's logo and iPhone images.
After filling out the fake order forms, users are instructed to send payment via wire transfer to an address in Latvia in order to receive the iPhone.
Eric Sites, chief technology officer at Sunbelt Software, urged users to install the latest security updates for their browser and operating system, and use firewall and antivirus software.
The attack currently targets Internet Explorer, but Thomas said that Firefox users should also be vigilant, as the group believed to be behind the attacks has used Firefox exploits in the past.
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year