Scam of the day – January 20, 2015 – Apple phishing scam

I receive the same phishing emails that you do and so when I do get one, I like to pass on a warning to everyone.  Today’s scam email came with “Please confirm your identity” on the subject line.  The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or to get the potential victim to click on a link in the email that will download keystroke logging malware that would enable the identity thief to steal personal information from the victim’s computer or other electronic device.  Unlike many other phishing emails which are easy to spot because the email address from which it is sent carries the email address of an unwary computer user whose email account has been hacked and used as a part of a botnet to send out these phishing emails, this one came from a legitimate appearing email address of “online@Apple.com.”  However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple nor did it contain any logo or appear official.  If I had clicked on the link where it indicates “Verify Now” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.  Here is a copy of what I received.  DO NOT CLICK ON THE LINK.

“The following information for your Apple ID was updated on

Shipping and/or billing address

Please confirm your identity today or your account will be Disabled

due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to:

Verify Now >”

TIPS

Because you can never be sure when you receive an email that asks for personal information or requires you to click on a link for whatever reason that the email is legitimate, the only course of action to follow is to not click on the link or provide any information in direct response to the email.  In this case, it was obvious that this email was a scam so I just ignored it.  If, however, you have any thought that the email might be legitimate, you should merely go directly to the real website of the company or person sending you the email or call them on the phone at a number that you know is legitimate to confirm whether or not the email is legitimate.

Scam of the day – August 26, 2012 – Apple ID password scam

For many years, Apple product owners felt somewhat secure that they were less apt to be the target of computer scams than  owners of PCs where most scammers and identity thieves had been focusing their attention.  However, as exemplified by a new scam designed to obtain Apple users’ IDs, this is no longer the case.  The new scam is a phishing scam by which you receive a phony email that informs you that there is a problem with your Apple ID.  These emails look quite similar to the email you would get when you reset your Apple ID password and look legitimate.  They are not.  The link in the email will take you to a phony website that will solicit information from you that can make you a victim of identity theft as well as download malware on your computer that can steal personal information from your computer.

TIPS

Never click on a link from a source you are not absolutely sure is accurate.  If you receive such an email as described above and believe there is a possibility that it might be legitimate, contact Apple at an email address or telephone number that you know is accurate to find out if the communication sent to you is accurate.  You will find that it is not.  Some more advanced browsers will allow you to hold your mouse over the link on the phony email and the real URL that you will be taken to will be shown.  If it shows a different URL than that of the link or does not name the legitimate company, you can be sure that it is a scam.  Of course, make sure that you do NOT click on the link as to do so will put you at great danger of identity theft.