Scam of the day – January 31, 2017 – Apple phishing scam

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which download malware or  trick you into providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.

Reproduced below is a copy of an Apple phishing email that uses the common ploy of indicating that there is a security problem that requires you to verify personal information for security purposes.   There are a number of telltale flaws in this particular   Although the email address from which it was sent appears to be legitimate, upon closer examination you can determine it is not an official email address of Apple.  Also, although the email is quite short, it contains numerous grammatical errors.  In addition, the salutation reads “Dears” rather than “Dear” and the email concludes with “Worm regards” rather than “Warm regards.”   Most telling, the email is not directed to you by name and does not contain your account number in the email.  It is important to remember that merely because the email contains an Apple logo, which is not reproduced below, the exact logo of Apple does not mean that the communication is legitimate.  It is easy to obtain a copy of the logo on the Internet.

“Dears,
Your AppIe id was used in from an unauthorized computer.
As the new protection policy has been followed, we have no choice but to put your id on hold.We advise you to update your id soon to avoid permanent account closing.                                                                                     your code is 4M7801DLLA16A                                                                                       Update Now >
Wondering why you got this email?
It’s sent when someone adds or changes a contact email address for an AppIe ID . If you didn’t do this, don’t worry. Your email address cannot be used as a contact address for an AppIe ID without your verification.
Worm Regards,
AppIe Team”

TIPS

Obviously if you do not have an account with Apple you know that this is a phishing scam, but even if you do have an account with Apple, as I indicated above there are a number of indications that this is not a legitimate email from Apple, but instead is a phishing email. Legitimate companies would refer to your specific account number in the email.  They also would specifically direct the email to you by your name.  This email’s salutation is a generic “Dears” without an “s” that should not be there.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the customer service number  for Apple where you can confirm that it is a scam.

Scam of the day – January 20, 2015 – Apple phishing scam

I receive the same phishing emails that you do and so when I do get one, I like to pass on a warning to everyone.  Today’s scam email came with “Please confirm your identity” on the subject line.  The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or to get the potential victim to click on a link in the email that will download keystroke logging malware that would enable the identity thief to steal personal information from the victim’s computer or other electronic device.  Unlike many other phishing emails which are easy to spot because the email address from which it is sent carries the email address of an unwary computer user whose email account has been hacked and used as a part of a botnet to send out these phishing emails, this one came from a legitimate appearing email address of “online@Apple.com.”  However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple nor did it contain any logo or appear official.  If I had clicked on the link where it indicates “Verify Now” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.  Here is a copy of what I received.  DO NOT CLICK ON THE LINK.

“The following information for your Apple ID was updated on

Shipping and/or billing address

Please confirm your identity today or your account will be Disabled

due to concerns we have for the safety and integrity of the Apple Community.

To confirm your identity, we recommend that you go to:

Verify Now >”

TIPS

Because you can never be sure when you receive an email that asks for personal information or requires you to click on a link for whatever reason that the email is legitimate, the only course of action to follow is to not click on the link or provide any information in direct response to the email.  In this case, it was obvious that this email was a scam so I just ignored it.  If, however, you have any thought that the email might be legitimate, you should merely go directly to the real website of the company or person sending you the email or call them on the phone at a number that you know is legitimate to confirm whether or not the email is legitimate.