Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • YouTube Videos
  • Top Categories
  • Subscribe via Email
  • Ask A Question
  • Meet Dave
  • Home
  • Computer & Internet Basics
  • Updated Section 9 Security Policy: An Apple ID Scam?

Updated Section 9 Security Policy: An Apple ID Scam?

December 8, 2013 / Dave Taylor / Computer & Internet Basics, Spam, Scams & Security / 3 Comments

I received email from Apple that I’d “violated section 9 of their security code” and that I needed to revalidate my temporarily frozen account. I’m suspicious, what’s this email all about?

You are smart to be skeptical because this email, and pretty much every message you get that’s similar, is a scam. In fact, there’s a specific name for this sort of thing: a phishing scam. The idea is that the bad guys behind the campaign build a perfect mock-up of a real sign-in page, then use various channels to drive unsuspected customers to that page. Without knowing any better, those customers log in using their real credentials and get a generic message like “approved”. Meanwhile, in the background the criminals just got login and password info and as quickly as they can, they log in to those accounts and change the password and confirmation questions. If you have a credit card tied to your account then you’re really in trouble as they could buy hundreds – or thousands – of dollars worth of music, movies, apps, in-app purchase codes, even gift cards, before you realize and shut things down.

As a result, the smart strategy with ANY sort of “confirmation” request is to simply delete it. Or, if you think that there’s even a tiny chance it’s legit, go into that site through its standard home page or app (with the iTunes Store and Apple ID, that’d be through the iTunes program) and check your account status that way. No rocket science involved.

There are also strategies you can use with specific emails too, including this one, so let’s have a look more closely at it.

Here’s the message I received on my Gmail account, which is odd by itself because that’s not the email address I have associated with my own Apple ID. Still, not impossible, so here it is:

Apple ID frozen account scam

Looks quite legit, though if you’re really nitpicky you might notice that the spacing around some of the commas and other punctuation is a bit peculiar. But who reads things that closely?

Here’s the first rule of avoiding being adversely impacted by these phishing scams, however: always check the link before you click on it.

In this case it’s the “Verify Now >” link jumping out for attention. If I move my cursor over it, the Web browser (in this case “Safari”) shows where I’d go on the status bar:

preview of url link before clicking

“http://www.yongcharefoundry.org”? Certainly doesn’t sound like a link that Apple would use, does it?

In fact, that’s more than enough to know it’s a scam and delete the message.

But let’s say you did get suckered and clicked on the link. What would you find?

Typically, a very legit looking sign on screen:

phishing but legit looking apple id login screen

Again, a slight hiccup on the punctuation and capitalization, but quite legit looking, especially on first glance.

Except for this, and it’s a bit hard to read here, the URL of this particular page:

crazy long domain name

I’ll duplicate it here in text:

apple.com.update.information.cmd.login.submit.dispatccode4145533wwerr2ddaa2d2f2f20canfifrq2wds.
sanithen.webd.pl/…

Look quickly and “apple.com” is correct. But what’s the rest of this domain name? It’s a trick to hide the real domain name, which is always rightmost, not leftmost. So it’s actually “webd.pl”. And “.pl” is Poland. Pretty darn sure that Apple’s not going to be using a generic web hosting firm on Poland for its password verification system, agreed?

Again, caveat emptor: beware, beware, beware. Skepticism is a very healthy thing with all the criminals online and if you do think you might have messed up and been suckered by one of these phishing scams, then RIGHT NOW go and change your password and verify your security questions for every potentially affected account. Far, far easier than losing control of it.

Be careful out there, gang.

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
account theft, apple id, avoiding phishing scams, detecting phishing scams, itunes store id, online scam, online theft, phishing mail, phishing scam, stealing account id

3 comments on “Updated Section 9 Security Policy: An Apple ID Scam?”

  1. Updated Section 9 Security Policy: An Apple ID Scam? | | SecurityProNews says:
    December 12, 2013 at 8:10 am

    […] Comments […]

    Reply
  2. Jennifer says:
    December 11, 2013 at 10:42 pm

    Dave – did you get the comment I sent you? Or, will I be retyping tomorrow after the night insists on ending?

    Reply
    • Dave Taylor says:
      December 11, 2013 at 10:48 pm

      Huh? What comment? Not sure what you’re talking about here…

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How Do I Convert a Webp Graphics into a PNG in Windows?
  • How Can I Delete My Phone from My Mom’s Mitsubishi Outlander?
  • How Do You Lower the Volume on Apple Watch Alerts?
  • How do I Schedule a Google Meet call with Colleagues?
  • How Can I Add My Pronouns to my Instagram Account Profile?

On Our YouTube Channel

Tonor ORCA-001 USB Desktop Microphone -- REVIEW

ONFORU Outdoor Bluetooth LED Light-Up Lantern Speakers -- REVIEW

Categories

  • AdSense, AdWords, and PPC Help (106)
  • Amazon, eBay, and Online Shopping Help, (161)
  • Android Help (201)
  • Apple iPad Help (145)
  • Apple Watch Help (53)
  • Articles, Tutorials, and Reviews (344)
  • Auto Tech Help (12)
  • Business Advice (199)
  • Chrome OS Help (25)
  • Computer & Internet Basics (764)
  • d) None of the Above (165)
  • Facebook Help (383)
  • Google, Chrome & Gmail Help (180)
  • HTML & Web Page Design (245)
  • Instagram Help (48)
  • iPhone & iOS Help (607)
  • iPod & MP3 Player Help (173)
  • Kindle & Nook Help (93)
  • LinkedIn Help (85)
  • Linux Help (166)
  • Linux Shell Script Programming (87)
  • Mac & MacOS Help (894)
  • Most Popular (16)
  • Outlook & Office 365 Help (26)
  • PayPal Help (69)
  • Pinterest Help (53)
  • Reddit Help (18)
  • SEO & Marketing (81)
  • Spam, Scams & Security (92)
  • Trade Show News & Updates (23)
  • Twitter Help (217)
  • Video Game Tips (66)
  • Web Site Traffic Tips (62)
  • Windows PC Help (922)
  • Wordpress Help (204)
  • Writing and Publishing (72)
  • YouTube Help (46)
  • YouTube Video Reviews (159)
  • Zoom, Skype & Video Chat Help (57)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram


AskDaveTaylor on Facebook



microsoft insider mvp


This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to our terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. Our lawyer says "Thanks for your cooperation."
© 2022 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions - Accessibility Policy