Scam of the day – May 30, 2017 – Apple iTunes phishing scam

Phishing emails, and the more personally tailored spear phishing emails are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware filled attachments or clicking on links tainted with malware.

Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email.   It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.

As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing, however this particular email is so filled with indications that it is phony, it is hard to imagine someone falling for the scam although I am sure some people will do so.

The email address of the sender has nothing to do with Apple which is an early indication that this is a scam.  There is no logo that appears on the email and the email is not addressed to anyone in particular nor does it indicate an account number.  Finally, their are spelling errors and horrible grammatical errors throughout the email.

Here is a copy of the email that is presently circulating.

“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Transaction: 7BA6818XL0333C2U
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Browser: Safari
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
Best regards,
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
TIPS
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate.  Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar and a lack of your account number or name appearing although in more professionally done spear phishing emails real account numbers and your name might be used which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.

Scam of the day – April 5, 2017 – iCloud phishing scam

Reports are surfacing of scammers posing as Apple employees calling people and telling them that there has been a security breach of their iCloud accounts.  They are then instructed to provide their login information in order to receive help in fixing the problem.  Unfortunately, these telephone calls are not from Apple, but from scammers who, when provided with the personal information from their victim, are able to access all of the information and material contained in the victim’s iCloud account for purposes of identity theft, extortion or other nefarious goals.

It was through a similar iCloud phishing scam done through emails that many celebrities including Jennifer Lawrence had nude photos stolen from their iCloud accounts when they turned over their usernames and passwords to hackers.

In the present phone call phishing incarnation of the scam, many of the calls are coming from the 844 area code which is a toll free number used in many instances by scammers.

TIPS

Apple does not contact its customers by phone if there is a security problem.  It is also important to remember that whenever you are contacted by telephone, you can never be sure who is actually making the call which is why you should never provide personal information to anyone over the phone whom you have not called.  Even if your Caller ID indicates the call is legitimate, scammers can use a technique called spoofing to trick your Caller ID into indicating that the call is from a trusted source when, in truth, it is coming from a scammer.

If you do have a problem with any Apple product, you can call Apple tech support at 800-275-2273.

Scam of the day – September 17, 2012 – iPhone 5 scams

Identity thieves take advantage of every major event to their illegal ends and the launching of Apple’s new iPhone 5 is sure to be no exception to this rule.  There will be numerous scams and identity theft schemes revolving around the iPhone 5.  You may receive phony emails, text messages or Facebook messages telling you that you should click on a link to get the new iPhone at a dramatically discounted price.  You may receive phony emails, text messages or Facebook messages to click on a link for special information about the iPhone.  You may go to a  “discounter” who will sell you a new iPhone 5 only to find out that your box is empty or contains a worthless or even dangerous knockoff.  You may even receive an email or text message telling you that you have been selected to test the new iPhone 5 and will receive one free for your services.   They give you a link to click on for further information and details.  All of these are scams.  If you click on any of these links, you will download keystroke logging malware that will steal the information from your computer or other electronic device and make you a victim of identity theft.

TIPS

Never click on links unless you are absolutely sure that they are legitimate.  If you don’t know the source, don’t click on the link and even if you do know the source, it is risky to click on the link because a friend may unwittingly be passing on the malware to you.  Remember even messages that appear to come from your friends may be coming from identity thieves who have hacked into your friend’s email account or Facebook account.  If you want information about the iPhone, go to Apple’s website and if you want to purchase one, go to legitimate, well-established brick and mortar stores.