We have currently seen a new phishing focus, Apple device users.
Just recently one of our clients received the following email privately
From: Apple [mailto:firstname.lastname@example.org]
Sent: July 2014
Subject: Apple ID Temporarily Locked
iCloud/Apple – matt
This message is to inform you that your Apple Account (Your@emailaddress.co.uk) has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.
You won’t be able to access Apple services or the iTunes & App Store until you verify your Apple Account ownership, we urge you to complete validation as soon as possible. Failure to validate your details within a 24 hours can result in termination of your Apple/iCloud Account to safeguard our system.
How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.
> Validate My Apple/iCloud Account Details (see point 4)
While using Apple devices and web services, you’ll still login with your main e-mail address as your Apple login.
If you have questions and need support, please see the Apple ID Support site.
Apple UK Support
Case Support ID: #I10BA61914-ID9
Copyright 2014 © Apple Support Eurpoe. 11 Infinite Lane, YS 714-AP, Cupertino, CA 291084.All Rights Reserved / Keep Updated / Privacy Terms / My iCloud Control Panel
To the unsuspecting on looker this looks quite a valid request how ever there are a few things which give away this being a total fake / phishing email.
- Spelling Errors – Do you think a large business would allow any spelling errors in their mail shots?
- Address – “Apple Support Eurpoe. 11 Infinite Lane, YS 714-AP, Cupertino, CA 291084 ” so their European Head Office is in USA? Also what is Eurpoe ?
- Apple would never contact you in this manner, why would they need to ?
- Validate My Apple/iCloud Account Details – “https://mysecureicloud.uk/myappleaccountmessageview-ticket-id8912380357849182-wuasecureapple/” is not a known Apple site, you can check this by hovering over the link and not clicking.
If you do click the Validate link it will take you to this screen, which looks like the genuine Apple site So it makes sense to not click until you have checked every thing.
But the big give away has to be the address bar!
Again not a known Apple website.
The biggest tip we can give anyone concerned by this is Google / Bing to find out more. So in this example Googling / Binging “mailto:email@example.com” the first hit you get is a linked stated you are being spoofed, in other words “THIS IS PHISHING!”
We offer advice and support on all things security, want to stop these all together?
Feel free to contact us.