Posted by: David Harley | February 28, 2018

AppleID phish, and how to recognize phish messages

My long-time mate Roger Thompson at Thompson Cyber Security Labs has flagged a Pretty good Apple phish worth noting. (Not good in a good way!) Some phishing attacks are laughably amateur, but as Roger says, this one is likely to catch a few people out.

He includes a number of screenshots of an attack aimed at AppleID users: the original email message warns of an ‘issue’ with payment. If you click the link – you know not to click on login links embedded in messages, right?* – it takes you to a pretty good facsimile of the AppleID site.

If you view that screenshot on a small screen like a cellphone, you may not be able to read the URL properly, but a closer look reveals that it’s not, in fact, Be aware, though, that there are ways of spoofing a URL so that it really does look like the real site in the browser.

If you do put in an account name and password, you’re invited to ‘verify’ your account, after which you’re asked for your credit card details. Oops…

Be aware, though, that even campaigns targeting a single group of potential victims (like users of a specific bank or provider of other services such as Microsoft or Apple) don’t usually rely on a single email message/landing site/, so there will be other messages that look quite different, and which may target users of other services. The trick is to know what scammer tricks to look for whenever you get a message inviting you to log in to such services.

Here’s a link to an article – Phish Allergy – Recognizing Phishing Messages – that encapsulates quite a lot of information and advice I’ve put together over the years. (Oddly enough, it seems to have been partly sparked by another spate of phishes targeting Apple users, but the advice is generic and doesn’t seem to have dated particularly.)

*If I may quote from that ESET article: “If you have a pre-existing relationship with the organization, for instance if you already do e-Banking with them, you should already have a standard login procedure: use that rather than responding to a possibly random email.”

David Harley
