Jump to content

Beware! Apple IDers being phished? Need Advice.


Recommended Posts

Posted (edited)

Hi I just got an email from "Apple ID"

It is below.

I was going to get my login details when I caught myself.

This is how phishing happens.

I looked for clues:

1. "Apple ID" the sender turned out to be

[email protected]

......not the same as my iCloud bills from [email protected]

2. "2. You make some changes in your account information."

Ungrammatical English?

3."To verify your Apple ID, please login to your Apple ID by click on the link bellow :"

Ungrammatical English?

 

Sure sounds phishy to me.

Others agree?

If so this is a heads up that needs spreading.....

 

 

 

 

 
Dear Apple ID Customer,

For your protection, your Apple ID is automatically disabled.

We detect unauthorized Login Attempts to your Apple ID from other IP location. Please verify your identity today or your account will be disabled due to concerns we have for the safety and integrity of the Apple Community
 

Your account access has been locked for the following reason(s):

 

1. We detect unauthorized login attemps from unknown device.

2. You make some changes in your account information.

What to do Next:


Please Click the login button below then login to your Apple account and provide the requested information before: 2 days: through the Account Review, If we don't receive the information needed before this deadline, your account access may be further locked permanently

To verify your Apple ID, please login to your Apple ID by click on the link bellow :

 
 
 

Sincerely,


Apple ID

 

Apple Inc
Copyright © 2017 Apple Inc. All rights reserved.

 

______________________________________________________________

 

 

 

Edited by cheeryble
Posted (edited)

There was an apple trademark and log in button which haven't appeared in the post.

I've also noticed "bellow" instead of "below"

Guess this makes it a slam dunk.

But it looked kosher enough for a lot of less savvy people to "log in"

Recommended action? Can report?

 

Cheeryble

Edited by cheeryble
Posted

https://support.apple.com/en-us/HT204759

 

Identify and report phishing emails and other suspicious messages

Report phishing attempts and other suspicious messages to Apple

To report a suspicious email, forward the message to Apple with complete header information. In macOS Mail, select the message and choose Forward As Attachment from the Message menu. 
These email addresses are monitored by Apple, but you might not receive a reply to your report.

Posted

Interestingly the email is not up in ?Mail on my iPad. Wonder if it's already been blacklisted will check the MacBook I saw it on tomorrow.


Sent from my iPad using Thaivisa Connect

Posted (edited)

Thanks Jonathan

I note that Outlook has not removed the offending email, and was thinking if I, and perhaps many others, stick it in SPAM Outllook would automatically notice it and take action......

WHOOPS

....was going to say there seems to be no spam box but on Junk I see a drop down and one of the options is Phishing Scam, which I clicked.

One would expect I'm one of many recipients, and I'm surprised that other peoples' phishing reporters have not got this mail deleted yet after 36 hours or more.
Ah well, done my bit....

 

Humph!

went the extra mile and mailed it to [email protected]

Outlook refused to send citing 

Error: The message can't be sent because at least one of the addresses isn't formatted correctly: [email protected]..
Not good (hope that didnt sound Trumpian)
 
 



Sent from my iPad using Thaivisa Connect

Edited by cheeryble
Posted
3 minutes ago, soumanioco said:

Got one exactly the same yesterday morning. It's a scam. 

 

Thanks

edited my post above, cannot report to Apple

Posted
1 minute ago, soumanioco said:

It's credit cards they're after. 

OK

in fact I just sent the same report that wouldn't go in Outlook from gmail and it went 

Posted (edited)

Apple will NEVER write to you addressing you as "Dear Customer" or "Dear Client" or "Dear Apple Customer". Legitimate emails from a bank or something you are subscribed to will always address you by name. This is a quick and easy way to identify a scam.

Edited by Wiggy
Posted (edited)
1 hour ago, cheeryble said:

 

Thanks

edited my post above, cannot report to Apple

appears to be a fullstop after the 'reportfishing' email address you quoted, probably why it didnt send.

 

I had a similar one, where it was an itunes receipt, showing I'd bought a Madonna boxset for about 80 quid....

 

pretty clever this, as immediately you suspect your account has been breached, so you will rush to check your itunes account.

 

Myself I suspected a scam,  looked at the sender address, which looked dodgy, so rather than clicking the link in the email, I manually went to view my account in a browser, just to confirm there was no Madonna purchase...there wasnt :)

Edited by Sigma6
Posted

General rules

1) never click a link in an email that you did not ask for.

2) if an email tells you that there is a problem with your account go to the website of that account by typing the address into your browser URL bar (not google)

3) specially for windows and android users (Apple users too but usually no problem) never open an attachment in email that you did not ask for.

4) windows users, turn on windows defender.

5) keep your system updated.

6) never use the same password twice ( an example good password is "ez9CHNqn3Ubw(Z%5BY/HPx2F9hjn" ) 

 

Posted

You will NEVER receive an email with a "click on the button below to login" from a provider who you are already a customer of. Instead, they will expect you to know to log in the usual way or otherwise contact them. This is without any doubt a scam.

Posted

The latest Ransomware attack semi-disabled Britain's health service.

They recovered very fast thanks to their programmers working all night long, but a huge number of patients were not seen for at least one day.

This will result in pain for many and likely death for some.

An example needs to be made.

I think huge efforts should be made to catch the culprits and extremely severe sentences handed down to the limit of the law.

 

I am a big fan of the NHS.

Someone came on Any Answers the other day.....totally livid saying that the NHS is totally incompetent they use Windows XP which is supposedly very poor on security. He said they should all be fired.

Interestingly the next caller actually worked on IT for the NHS. He said in his area there were 15,000 terminals and only about 5 ran on XP, the reason being they were matched to hardware which was set up for XP.

It was nice to hear some facts.

Posted

Had a rush of the same of late ...one with a convincing sender address. Its usually poor English that gives it away.  God help average folk when they learn propper/formal English ! Paypal to. I think more could be done to block 'new' or unrecognised or  'unusual' addresses including words like applesecurity etc...

Posted

 There is one simple trick you can do to not get phished.

 

1) Do not enter your Apple login information on a site that isn't Apple.

 

Really. It's a simple as that. There is NO EXCUSE for getting phished, and I hope that someday banks will stop refunding phishing victims. When you look at the URL bar, you know if it's ducking Apple or not. If you get phished, you deserve to lose every penny you will lose.

Posted
On 5/15/2017 at 0:55 PM, soumanioco said:

It's credit cards they're after. 

No, it's your Apple password they're after.

Posted

 

 

What was odd was that I had just joined Apple and the phishing email came to my actual Apple ID email address and not to any of my other email addresses.

So where is the leak?

Posted
On ‎5‎/‎19‎/‎2017 at 4:55 PM, HerbalEd said:

No, it's your Apple password they're after.

Don't think so.

Click on the link and you'll reach a page where you're asked to provide all your personal info (Apple ID, password, DOB, address...)

Feel free to fill the boxes using the most fake info imaginable. Click continue.

You're now in a page where all your credit card details are requested for you to proceed. And I mean ALL.

 

You really think it's your password they're after? Besides, so long as you have 2FA enabled -and most do- you have very little to worry about.

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...