Did you get an email from Apple saying that your Apple ID was used to open an iCloud session from an unauthorized device? Beware, it’s probably a phishing attack from someone trying to steal your account information. Here’s how to tell…
If Sherlock Holmes were alive today, he’d be a great person to have go through your email inbox and spam folder to ascertain which messages are legitimate and which are spam, scams, malware or phishing attacks. For the rest of us, a close examination for tiny clues is all we have to protect ourselves from third party sites poised to cause trouble or even steal your personal information.
A great example is an email I received this evening from Apple stating that my credit card had been declined as part of someone using my Apple ID to open an unauthorized iCloud session. What? Maybe it’s legit, I mean I connect new devices to my Windows, Google, and Apple accounts all the time as devices come in and need to be tested.
But before I click on any link in any email, I put on my deerstalker cap and pull out my pipe. It’s time to have a close look…
To start, here’s the email:
Looks legit on first glance, but a few things pop out, including two typos. Can you find them?
The first is “anauthorized” and the second is “autorisation”, in case you’re stuck.
Look at the very bottom too:
I’m based in the United States, why would I get an email from Luxembourg with this information?
Where the phishing attempt really reveals, however, is by looking at where the “Verify now” link points. This can easily be done in Apple Mail by putting the cursor over the link and then waiting a second or two:
I’m quite confident that Apple Computer wouldn’t use nexuswholesalemarketing.com for its logins and verification process. Agreed?
Still, let’s keep looking. Check out the actual email address:
Again, Apple’s not going to be sending email from @login.com in my opinion!
Worst case, you click through to “Verify” your Apple ID. What happens? Here, this is what you get:
Look really closely. One of my favorite typos shows up here.
What does the blue button say?
Ready to do that? Turn on that mic, let’s click on the button (after having entered any combination of words because of course the site doesn’t check login data to verify it) and see where we get…
It’s rather confusing at this point what actually transpired to get to this point, isn’t it? Did someone add or change an email? Did someone sign in to iCloud with a bad credit card? What’s going on here?? 🙂
What’s for sure is that this is a big, bogus, and poorly executed phishing attack that could still trick people into revealing information that would let someone else hijack their account. And that’s bad.
So my advice remains: be vigilant, suspicious and skeptical. Because that’s all that’s between you and having bad guys steal your data or take over your computer or even identity.
Oh, and to leave things on a positive note, there is this set of options for resetting your security question that I found quite amusing:
No idea where that came from, but if you get to this point, it’s already too late. 🙂
Actually it’s not. If you ever get to a highly suspicious page like this, immediately quit your browser, restart, and log in to the real Apple site by typing in its URL. Then change your password.