iPhone users targeted via fake Spotify and iTunes emails from scammers looking to steal your login details and access your photos, videos and more

“Scammers are trying a new way of deceiving people in a bid to steal Apple login information,” Joe Pinkstone reports for The Daily Mail. “The phishing email appears to be from Spotify and says the user has purchased a year’s Premium subscription for $150.99 (£115).”

“A hyperlink in the email is labelled as ‘review your subscription’ and takes the user through to an official-looking site branded with Apple logos. This phoney site is designed to dupe people into submitting their Apple login and password which goes straight through to the hackers,” Pinkstone reports. “This information may give them unrestricted access to Apple Pay, pictures, videos and personal information.”

“The email and subsequent website are both well-designed and look official, but there are some key points that reveal the setup as a sham. Careful observation of the messages and site is crucial in spotting any fraudulent emails and can help avoid the common pitfalls,” Pinkstone reports. “Confusion between the Apple and Spotify brands, for example, is an indicator the email is a hoax and no HTTPS are also giveaways.”

Read more, and see the screenshots, in the full article here.

MacDailyNews Note: Via Apple’s support pages:

If you receive a phishing email or text message

Scammers try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. Never follow links or open attachments in suspicious or unsolicited messages. If you need to change or update personal information, contact the company directly.

These signs can help you identify phishing scams:

• The sender’s email address or phone number doesn’t match the name of the company that it claims to be from.
• Your email address or phone number is different from the one that you gave that company.
• The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.
• A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website.*
• The message looks significantly different from other messages that you’ve received from the company.
• The message requests personal information, like a credit card number or account password.
• The message is unsolicited and contains an attachment.

Report phishing attempts and other suspicious messages to Apple

To report a suspicious email, forward the message to Apple with complete header information. To forward the email: In macOS Mail, select the email and choose Forward As Attachment from the Message menu at the top of your computer screen.

These email addresses are monitored by Apple, but you might not receive a reply to your report.

• If you receive what you believe to be a phishing email that’s designed to look like it’s from Apple, please send it to reportphishing@apple.com.
• To report spam or other suspicious emails that you receive in your iCloud.com, me.com, or mac.com Inbox, please send them to abuse@icloud.com.
• To report spam or other suspicious messages that you receive through iMessage, tap Report Junk under the message.

*To confirm the destination of a link on your Mac, hover your pointer over the link to see the URL in the status bar. If you can’t see the status bar in Safari, choose View > Show Status Bar. On your iOS device, touch and hold the link.

More info here.
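
As an added illustration (not from Apple, The Daily Mail or MacDailyNews), the script below applies three of the signs listed above to a constructed message modelled on the fake Spotify receipt: sender domain versus display name, generic greeting, and link destination plus HTTPS. The brand-to-domain table and the `.example` addresses are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately uses (maintain your own list).
BRAND_DOMAINS = {"spotify": {"spotify.com"}, "apple": {"apple.com", "icloud.com"}}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client")
# Constructed sample modelled on the email described in the article.
SAMPLE = """\
From: Spotify <billing@mail.example>
Subject: Your Premium subscription receipt
Content-Type: text/html

<p>Dear customer,</p>
<p><a href="http://apple-id.example/review">Review your subscription</a></p>
"""

class LinkCollector(HTMLParser):  # records the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # single-part message: payload is a str
    # Domains of every known brand named in the sender's display name.
    allowed = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in name.lower()))
    sender_host, signs = addr.rpartition("@")[2], []
    if allowed and not in_domains(sender_host, allowed):
        signs.append(f"sender domain {sender_host} does not match display name {name!r}")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:  # judge the real destination, not the label
        url = urlsplit(href)
        if url.scheme != "https":
            signs.append(f"link is not HTTPS: {href}")
        if allowed and not in_domains(url.hostname, allowed):
            signs.append(f"link host {url.hostname} is not a domain of the claimed sender")
    return signs
```

Calling `phishing_signs(SAMPLE)` returns one finding per sign; a message with none of these signs returns an empty list, which does not prove it is genuine.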

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]

4 Comments

  1. I’ve received 2 within the last week or so and one late last night. I wonder if Apple is doing anything to kill this as I and most likely many others have sent this off to Apple’s report phishing address. It came from the exact email address as the first and was in my inbox after having marked the first as Junk.

  2. I got one last week and notified the real company involved and told them their good name had been used. They got back to me immediately and thanked me for the heads up. The email address was not from Apple. Deleted it and moved on.

  3. Curiously, I had one today from a mythical “Apple iStore.”

    “Hello, New Activity we have notification problem in biIIing account on October, 21 2018. About confirming the latest short message, please download or open the following details for fuII details.” The grammar and punctuation are suspiciously poor, very unlike Apple’s. Then, tap to download an innocent-looking PDF.

    I wonder how many people fall for something like this? Obviously, enough to make a criminal enterprise profitable. Very little has changed, I see, from the days before Al Gore invented the Internet, before Tim Berners-Lee invented the World Wide Web. In those days, only government agencies and universities used the email protocol. I remember ancient e-mail clients like Pine, and feeling shocked about receiving unsolicited messages about penile enlargement and the like. ftp, the file transfer protocol, was unsecured for a long time, so hackers had a field day harvesting information from unsuspecting network users.

    There are well over a million thieves out there making a good living with our data. Even semiliterate bumblers like my “Apple iStore” correspondent, whom I think of as an impoverished teenager in Asia just now learning the ropes, can find marks if they send out enough messages.

    In my exalted opinion, people who fall for spam/scam/sham operations have only themselves to blame. In this day and age, they’ve been warned time and again (ever since Charles Dickens) about pickpockets, yet they persist in their carelessness. I think of this as the non-lethal category of the Darwin Awards.
