I received email from Apple that I’d “violated section 9 of their security code” and that I needed to revalidate my temporarily frozen account. I’m suspicious, what’s this email all about?
You are smart to be skeptical because this email, and pretty much every message you get that’s similar, is a scam. In fact, there’s a specific name for this sort of thing: a phishing scam. The idea is that the bad guys behind the campaign build a perfect mock-up of a real sign-in page, then use various channels to drive unsuspecting customers to that page. Without knowing any better, those customers log in using their real credentials and get a generic message like “approved”. Meanwhile, in the background, the criminals have just captured the login and password info, and as quickly as they can they log in to those accounts and change the password and confirmation questions. If you have a credit card tied to your account then you’re really in trouble as they could buy hundreds – or thousands – of dollars worth of music, movies, apps, in-app purchase codes, even gift cards, before you realize and shut things down.
As a result, the smart strategy with ANY sort of “confirmation” request is to simply delete it. Or, if you think that there’s even a tiny chance it’s legit, go into that site through its standard home page or app (with the iTunes Store and Apple ID, that’d be through the iTunes program) and check your account status that way. No rocket science involved.
There are also strategies you can use with specific emails, including this one, so let’s have a closer look at it.
Here’s the message I received on my Gmail account, which is odd by itself because that’s not the email address I have associated with my own Apple ID. Still, not impossible, so here it is:
Looks quite legit, though if you’re really nitpicky you might notice that the spacing around some of the commas and other punctuation is a bit peculiar. But who reads things that closely?
Here’s the first rule of avoiding being adversely impacted by these phishing scams, however: always check the link before you click on it.
In this case it’s the “Verify Now >” link jumping out for attention. If I move my cursor over it, the Web browser (in this case “Safari”) shows where I’d go on the status bar:
“http://www.yongcharefoundry.org”? Certainly doesn’t sound like a link that Apple would use, does it?
In fact, that’s more than enough to know it’s a scam and delete the message.
But let’s say you did get suckered and clicked on the link. What would you find?
Typically, a very legit looking sign on screen:
Again, a slight hiccup on the punctuation and capitalization, but quite legit looking, especially on first glance.
Except for this, and it’s a bit hard to read here, the URL of this particular page:
I’ll duplicate it here in text:
apple.com.update.information.cmd.login.submit.dispatccode4145533wwerr2ddaa2d2f2f20canfifrq2wds.sanithen.webd.pl/…
Look quickly and “apple.com” is correct. But what’s the rest of this domain name? It’s a trick to hide the real domain name, which is always rightmost, not leftmost. So it’s actually “webd.pl”. And “.pl” is Poland. Pretty darn sure that Apple’s not going to be using a generic web hosting firm in Poland for its password verification system, agreed?
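If you filter mail or review reported links, the same right-to-left reading can be automated. The Python below is an added example, not something from the original message or from Apple: the `TRUSTED` list, the function names, and the `http://` scheme and bare `/` path on the second sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains you really use for your Apple ID.
TRUSTED = ("apple.com", "icloud.com")

def real_host(url):
    """Return the lowercased hostname a browser would actually connect to."""
    host = urlsplit(url).hostname or ""  # hostname only: no port, no path
    return host.rstrip(".").lower()

def check_link(url, trusted=TRUSTED):
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = real_host(url)
    labels = host.split(".")
    for domain in trusted:
        # Read right to left: the host must BE the domain or END with ".domain".
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        # The trusted name shows up, but not at the right-hand end of the host.
        # That is exactly the trick used in the sign-in page URL above.
        n = len(domain.split("."))
        for i in range(len(labels) - n):
            if ".".join(labels[i:i + n]) == domain:
                return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # First two hosts are the ones shown in this article; the last is a sample.
    samples = [
        "http://www.yongcharefoundry.org",
        "http://apple.com.update.information.cmd.login.submit."
        "dispatccode4145533wwerr2ddaa2d2f2f20canfifrq2wds.sanithen.webd.pl/",
        "https://appleid.apple.com/",
    ]
    for url in samples:
        print(f"{check_link(url):10} {real_host(url)}")
```

Anything that does not come back as "trusted" should be handled the way the article recommends: don't sign in through the link, go to the site through its home page or app instead.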
Again, caveat emptor: beware, beware, beware. Skepticism is a very healthy thing with all the criminals online and if you do think you might have messed up and been suckered by one of these phishing scams, then RIGHT NOW go and change your password and verify your security questions for every potentially affected account. Far, far easier than losing control of it.
Be careful out there, gang.
[…] Comments […]
Dave – did you get the comment I sent you? Or, will I be retyping tomorrow after the night insists on ending?
Huh? What comment? Not sure what you’re talking about here…