We’ve mentioned in a number of previous posts that scammers love nothing more than a nice well-known brand to help do their dirty work. This week’s scam is a deliciously juicy, Apple-branded email, filled with phishing links.
The Signs of a Bad Apple Scam Email
The scam email is branded to look like an Apple email, although it was certainly not the best I’ve ever seen. The trick that stood out about this phishing email was the urgency of the message.
Phishing is a game. The scammer wins if they trick the recipient into doing their bidding. In the case of phishing emails, this usually means downloading an attachment or clicking on a link. Phishers use natural human behaviour to win the game.
In a twist of irony, the focus of this Apple email scam was around a potentially hacked account. The email said that my account had been locked to protect it from possible compromise. And, if I click the link, I can unlock my account.
The scammer designed the email to strike fear into the heart of the recipient – fear that would drive a click on a link. This type of manipulation of natural human instinct is a key technique in the scammer’s portfolio. It is this behaviour that security awareness training focuses on when teaching users to stop and think before they click.
Signs this email was not from Apple Inc.
- The email is clearly not from Apple. The content is poorly composed with many grammatical errors.
- The originating email address was also not from Apple.
- The salutation was my email address and NOT my actual name.
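The sender-address and salutation signs above, along with the destination of any link, can be checked mechanically. The following is an added example, not code from the original post; the trusted-domain list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as genuine Apple senders and link targets.
TRUSTED = ("apple.com", "icloud.com")

# Constructed sample message, not the email described in the post.
SAMPLE = """\
From: Apple Support <noreply@apple-id-alerts.example>
To: jane.doe@example.org
Subject: Your account has been locked

Dear jane.doe@example.org,

Your account locked for protect. Unlock here: http://apple.com.unlock-id.example/login
"""

def _trusted(host):
    # Exact match or a true subdomain; "apple.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check(raw):
    """Return a list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    # Sign: display name claims Apple but the sending domain is not Apple's.
    if "apple" in display.lower() and not _trusted(sender.rpartition("@")[2]):
        findings.append("sender-domain-not-apple")
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    # Sign: the greeting uses the recipient's email address instead of a name.
    m = re.search(r"^\s*(?:dear|hi|hello)\s+([^\s,]+@[^\s,]+)", body, re.I | re.M)
    if m and m.group(1).lower().rstrip(".:;!") == recipient:
        findings.append("salutation-is-email-address")
    # Links whose host is not a trusted domain, including lookalike prefixes.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not _trusted(host):
            findings.append(f"untrusted-link-host:{host}")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE))
```

The script only parses the message text and never fetches the links it finds.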
What the Apple Scam Email Contained
The Apple scam email has a link that, if clicked, takes you to a website. We ran the link URL in a sandbox to find out what this website contained. You can see the results below, which show that the website is a critical security threat and contains malware. Anyone who receives this email, clicks on the link and goes to that website will be at a high risk of malware infection.
Whatever you do, don’t click on the link if you receive an email that looks suspicious. Always type the URL of the website of the brand directly into your browser.
And, always keep your computer and software patched and up to date. This can help mitigate the risk of infection if you do click on a malicious link.
A Side Note About AppleID Sign In With Apple.
Apple Inc. recently announced the release of a new privacy-enhanced AppleID. This new version of AppleID is innovative because it creates unique, throw-away email addresses every time you sign in with your AppleID (any correspondence will be forwarded to your real email address by Apple). This means, in effect, that you never need to divulge your real email address (or other data) to log in to a website. But does this help to prevent a phishing attack? Well, yes and no. Here’s an example based on using your AppleID to log in to a large shopping site.
A scam email pretends to be from the shopping site, asking you to click on a link to check your account. The link goes to a spoof site that looks exactly like the shopping site. You click to log in using your AppleID. Some phishing sites are set up to collect login credentials, and if you enter any credentials, they are sent to the scammer behind the site. In this example, the scammer would fail to collect the credentials, as AppleID hides those credentials during the login process.
However, many spoof sites are more intelligent than this. The site will create a proxy that acts as an intermediary between your login credentials (AppleID) and the real shopping site. In this case, when you click to log in using your AppleID, the token will be intercepted and sent to the real shopping site; the scammer then logs in on your behalf and subsequently hijacks your account.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit or copy/paste the advice below:
Apple Inc. Scam Email
An email bearing the Apple Inc. brand is warning that your account is locked and may have been hacked – this is a scam. The email encourages you to click on a link to unlock your account. If you do so, you will be taken to a spoof site which is infected with malware.
Be wary of these emails. Never click on a link; always go directly to your Apple ID account by typing the Apple URL into a browser and logging in from there.
Always avoid clicking a link in an email.