I receive the same phishing emails that you do, so when I get one, I like to pass on a warning to everyone. Today’s scam email came with “Please confirm your identity” on the subject line. The email purported to be from Apple and, like all phishing emails, its goal was to lure the victim into either directly providing personal information or clicking on a link in the email that will download keystroke logging malware, which would enable the identity thief to steal personal information from the victim’s computer or other electronic device.
Unlike many other phishing emails, which are easy to spot because they are sent from the email address of an unwary computer user whose account has been hacked and used as part of a botnet to send out these phishing emails, this one came from a legitimate-appearing email address of “online@Apple.com.” However, as you can see from the email, which is reproduced below, the email itself hardly reads as a legitimate communication from Apple, nor did it contain any logo or appear official.
If I had clicked on the link where it indicates “Verify Now,” I would have either been prompted to provide personal information that would be used to make me a victim of identity theft or, as I indicated earlier, I would have downloaded keystroke logging malware that would steal that and other information from my computer and use it to make me a victim of identity theft.
Here is a copy of what I received. DO NOT CLICK ON THE LINK.
“The following information for your Apple ID was updated on
Shipping and/or billing address
Please confirm your identity today or your account will be Disabled
due to concerns we have for the safety and integrity of the Apple Community.
To confirm your identity, we recommend that you go to:
Verify Now >”
Because you can never be sure that an email asking for personal information, or requiring you to click on a link for whatever reason, is legitimate, the only course of action is not to click on the link or provide any information in direct response to the email. In this case, it was obvious that this email was a scam, so I just ignored it. If, however, you have any thought that the email might be legitimate, you should simply go directly to the real website of the company or person sending you the email, or call them on the phone at a number that you know is legitimate, to confirm whether or not the email is legitimate.