“A hyperlink in the email is labelled as ‘review your subscription’ and takes the user through to an official-looking site branded with Apple logos. This phoney site is designed to dupe people into submitting their Apple login and password which goes straight through to the hackers,” Pinkstone reports. “This information may give them unrestricted access to Apple Pay, pictures, videos and personal information.”
“The email and subsequent website are both well-designed and look official, but there are some key points that reveal the setup as a sham. Careful observation of the messages and site is crucial in spotting any fraudulent emails and can help avoid the common pitfalls,” Pinkstone reports. “Confusion between the Apple and Spotify brands, for example, is an indicator the email is a hoax and no HTTPS are also giveaways.”
Read more, and see the screenshots, in the full article here.
MacDailyNews Note: Via Apple’s support pages:
If you receive a phishing email or text message
Scammers try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. Never follow links or open attachments in suspicious or unsolicited messages. If you need to change or update personal information, contact the company directly.
These signs can help you identify phishing scams:
• The sender’s email address or phone number doesn’t match the name of the company that it claims to be from.
• Your email address or phone number is different from the one that you gave that company.
• The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.
• A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website.*
• The message looks significantly different from other messages that you’ve received from the company.
• The message requests personal information, like a credit card number or account password.
• The message is unsolicited and contains an attachment.
Report phishing attempts and other suspicious messages to Apple
To report a suspicious email, forward the message to Apple with complete header information. To forward the email: In macOS Mail, select the email and choose Forward As Attachment from the Message menu at the top of your computer screen.
These email addresses are monitored by Apple, but you might not receive a reply to your report.
• If you receive what you believe to be a phishing email that’s designed to look like it’s from Apple, please send it to email@example.com.
• To report spam or other suspicious emails that you receive in your iCloud.com, me.com, or mac.com Inbox, please send them to firstname.lastname@example.org.
• To report spam or other suspicious messages that you receive through iMessage, tap Report Junk under the message.
*To confirm the destination of a link on your Mac, hover your pointer over the link to see the URL in the status bar. If you can’t see the status bar in Safari, choose View > Show Status Bar. On your iOS device, touch and hold the link.
More info here.
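Three of the signs above (sender address that doesn't match the company, link destination that doesn't match the company's site, no HTTPS) can be checked mechanically by a mail filter. The following is an added example, not code from Apple or the article; the sample message, its hosts, and the `expected_domain` default of `apple.com` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: every address and host in it is made up.
SAMPLE = """\
From: "Apple Support" <billing@subscriptions-alerts.example>
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<a href="http://apple.id-review.example/login">review your subscription</a>
<a href="https://support.apple.com/">Apple Support</a>
"""

class LinkCollector(HTMLParser):
    # Collects the href of every <a> tag in an HTML body.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, domain):
    # Dot-suffix match: a substring test would accept "apple.id-review.example".
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain="apple.com"):
    """Return (sign, value) findings; expected_domain is an assumption."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        findings.append(("sender-mismatch", sender))
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        links = LinkCollector()
        links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in links.hrefs:
            url = urlsplit(href)
            if url.scheme != "https":
                findings.append(("no-https", href))
            if not in_domain(url.hostname, expected_domain):
                findings.append(("link-mismatch", url.hostname))
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A clean result only means these three signs are absent; a lookalike site can still be served over HTTPS, so the host comparison is the stronger signal.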
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]