Most of the emails I receive asking me to validate and verify my account details with an online site are clearly either legit or a lame attempt at a phishing attack, an attempt to trick me into revealing private information.
Until the most recent one, which looks just like an Apple ID confirmation message…
Think about it: how many different sites do you use where you have a login and password, along with a lot of private information, whether it’s your home address, payment information, medical data or an array of phone numbers or, in the most extreme cases, even social security numbers or other governmental information? Dozens upon dozens, if not hundreds.
Which is why hackers love trying to trick us into revealing this information. Done right, a phishing attack (as they’re known) can just sit there and collect this information as people cluelessly enter their private, secret data without any further prompting. I mean, it looks legit, isn’t that all that matters?
Of course you’re smarter than that because you’re a skeptic like me. Right?
And yet, when I received an email this morning from “Apple Computer” with the subject line “Please verify that we have the right address for you” it looked so legit that for a minute I tried to think of whether I’d signed up for a new account and did indeed need to verify some of the details therein.
Here’s how it looked in my inbox:
Looks totally legit, doesn’t it? Well, the lack of a space between “the” and “Apple ID Support site” caught my eye when I looked at it, because Apple doesn’t make those sorts of mistakes, so I thought it was odd.
Apple Mail — and just about every other email system out there — can preview a link before you click on it, and that’s darn helpful. DARN helpful.
In this case, here’s what it showed for the “Verify Now” link:
“juanpernia.com”? What the heck?
Whatever site it is (and as you’ll see in a moment it appears to just be a hacked site where they’ve slipped a redirect into the WordPress install there, hence the “/assets” directory), it sure isn’t apple.com. So that instantly marks it as bogus.
But what would happen if you actually clicked on the “Verify Now” link and were taken to the resultant page? You get here:
Gosh, that looks real, doesn’t it?
But a glance at the address bar in the browser reveals the bad news: It’s a site in the Philippines:
Most assuredly not something that’s being run by Apple.
Again, the “/wp-admin/” tells us that it’s a WordPress site at this end too, not that it really matters. That does suggest that it’s a legit business that’s been hacked and is unknowingly hosting this phishing page, with the answers being emailed to yet another system somewhere else, however.
Let’s say you were completely clueless and actually entered your Apple ID and password. It’s not over yet, this ingenious phishing attack, because on the next screen one of the items they ask for is:
Yikes. This would be such a bad thing for you to enter, of course. Worse than entering your Apple ID, actually.
The moral of this story is that you need to be vigilant and suspicious. Whatever a company does to make their email and Web pages look memorable can be ripped off and turned into part of a phishing attack, an attempt to separate you from your vital personal data.
Be skeptical of every message like this. Learn to check URLs as you go along. Look for secure sites using SSL. Or just log in directly to the appropriate site by typing in the URL and then checking to see if there’s a message or pending verification.
And be safe out there.