Phishing emails, and the more personally tailored spear phishing emails, are the most common way that people and companies are tricked into downloading malware such as ransomware or keystroke logging malware used to steal information from the victim for purposes of identity theft. Effective phishing emails will appear to be legitimate and lure victims into downloading malware-filled attachments or clicking on links tainted with malware.
Reproduced below is a new phishing email presently being circulated that is one of the worst examples of a phishing email. It purports to be from the Apple Store informing the recipient that his or her account has been used to make a purchase and urges the targeted victim to download an attachment if they did not make the purchase.
As regular readers of Scamicide have seen, many of the phishing emails we have shown you over the years are quite convincing. However, this particular email is so filled with indications that it is phony that it is hard to imagine someone falling for the scam, although I am sure some people will do so.
The email address of the sender has nothing to do with Apple, which is an early indication that this is a scam. There is no logo on the email, and the email is not addressed to anyone in particular, nor does it indicate an account number. Finally, there are spelling errors and horrible grammatical errors throughout the email.
Here is a copy of the email that is presently circulating.
“[ApplePay] – iTunes was used to purchase in App Store on Macbook Pro 13
Date and time: 27 May 2017 10.32 hrs
Order number: MQ3N7F0G8Q
OS: OS X 10.12.4
Location: New York, United States of America
If the information looks familiar, you can ignore this email.
If you have not recently purchased an article or in-apps apps on a MacBook Pro 13 “
With its appIe lD and thinking that your account has been accessed,
Please read our binding and follow the instuction to back up your account.
AppIe account department
Copyright @ 1998-2017. 2211 N 1st St, San Jose, CA 95131, USA. All rights reserved.”
Whenever you get any email that attempts to lure you into downloading an attachment or clicking on a link, you should be skeptical and never consider doing so unless you have absolutely confirmed that the email is legitimate. Also, look for telltale signs that the email is a phishing email by examining the address of the sender, the spelling and grammar, and a lack of your account number or name. In more professionally done spear phishing emails, however, real account numbers and your name might be used, which is why it is always imperative to never click on links or download attachments unless you are totally convinced that the email is not phony.
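The telltale signs listed above can also be checked mechanically. The following Python sketch is an added example, not part of the original post: it tests a raw email for a sender domain unrelated to the claimed brand, a brand name spelled with look-alike characters (the email above writes "AppIe" with a capital I in place of the lowercase L), and the absence of the recipient's name. The function names, the sender address and the recipient name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Look-alike characters folded to the letter they imitate (small, illustrative map).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(word):
    """Fold look-alikes, then lowercase, so 'AppIe' (capital I) becomes 'apple'."""
    return word.translate(CONFUSABLES).lower()

def phishing_indicators(raw, recipient_name, brand="apple", brand_domains=("apple.com",)):
    """Return the warning signs from the post that are present in a raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []

    # 1. Sender address has nothing to do with the brand the email claims to be.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in brand_domains):
        findings.append("sender-domain-mismatch")

    # 2. Brand name written with look-alike characters instead of the real letters.
    words = re.findall(r"[A-Za-z0-9|]+", msg.get("Subject", "") + " " + body)
    if any(skeleton(w) == brand and w.lower() != brand for w in words):
        findings.append("lookalike-brand")

    # 3. Email is not addressed to the recipient by name.
    if recipient_name.lower() not in body.lower():
        findings.append("not-addressed-to-recipient")
    return findings

# Constructed sample: headers are made up; body lines are taken from the email above.
SAMPLE = (
    "From: Apple Store <billing@mail-center.example>\n"
    "Subject: [ApplePay] iTunes was used to purchase in App Store\n"
    "\n"
    "With its appIe lD and thinking that your account has been accessed,\n"
    "Please read our binding and follow the instuction to back up your account.\n"
    "AppIe account department\n"
)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, recipient_name="Jane Doe"))
```

An empty result does not mean the email is legitimate, since a spear phishing email can use a real name and account number.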