Scam of the day – January 20, 2015 – Apple phishing scam

I receive the same phishing emails that you do and so when I do get one, I like to pass on a warning to everyone.  Today’s scam email came with “Please confirm your identity” on the subject line.  The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or to get the potential victim to click on a link in the email that will download keystroke logging malware that would enable the identity thief to steal personal information from the victim’s computer or other electronic device.  Unlike many other phishing emails which are easy to spot because the email address from which it is sent carries the email address of an unwary computer user whose email account has been hacked and used as a part of a botnet to send out these phishing emails, this one came from a legitimate appearing email address of “online@Apple.com.”  However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple nor did it contain any logo or appear official.  If I had clicked on the link where it indicates “Verify Now” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.  Here is a copy of what I received.  DO NOT CLICK ON THE LINK.

“The following information for your Apple ID was updated on

Shipping and/or billing address

Please confirm your identity today or your account will be Disabled

due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to:

Verify Now >”

TIPS

Because you can never be sure when you receive an email that asks for personal information or requires you to click on a link for whatever reason that the email is legitimate, the only course of action to follow is to not click on the link or provide any information in direct response to the email.  In this case, it was obvious that this email was a scam so I just ignored it.  If, however, you have any thought that the email might be legitimate, you should merely go directly to the real website of the company or person sending you the email or call them on the phone at a number that you know is legitimate to confirm whether or not the email is legitimate.

Leave a Reply

Your email address will not be published. Required fields are marked *