The holiday season is a perfect time for cybercriminals to step up their game. More consumers hit the internet to shop for gifts, and amid all of the holiday hoopla, people are more likely to let their guard down. Apple customers were recently hit with a fake email scam that was cleverly crafted to look and sound like the real thing, but was determined to be just another savvy attempt by hackers to steal sensitive information from unsuspecting victims.
The email scam makes sense, as Apple products are extremely popular at this time. With so many Apple gifts being given in the form of iPhones, iPads, iPods, Macs, and the like, new Apple customers were born at an increased rate. By sending out fake emails under the Apple disguise, the scammers behind the scheme can easily trick new customers into thinking it is necessary to update their so-called account information.
As mentioned, the latest Apple email scam is well-designed and appears as if it comes from the company itself, on a superficial level at least. Intego, an antivirus software provider, noted that the scam was aimed at those who purchased Apple products during this holiday season, and that its reach has been deemed to be quite broad. Its designers leave no real stone unturned, as the email contains copyright marks and Apple’s modern shadings for some authenticity in terms of the overall look. Unlike many phishing scams, the email sent from email@example.com is laced with proper grammar and spelling, which are two areas where phishing scams can usually be detected right off the bat. The message notifies the “customer” that their billing information records are out of date and that an update is required. The email goes on to say that failure to do so will result in account termination. Customers are then urged to click a store.apple.com link to confirm the billing information on file.
Clicking the email link leads to a phony Apple Store sign-in page requiring the customer to enter their Apple ID and password. The sign-in page carries an authentic appearance, but a couple of clues show its phony phishing qualities. First, the title at the top above the address bar differs from Apple’s actual sign-in page, offering a title of just Apple Store, rather than Apple Online Store. Second, the URL contains an IP address of four sets of numbers. The actual Apple Store offers a valid URL, containing store.apple.com.
If a customer does not notice those two slight differences, entering their Apple ID and password and signing in leads to a page asking them to update their account profile. The new page can be identified as fake due to its incorrect title above the address bar, as well as its URL that once again contains an IP address instead of an official Apple URL. The page asks for a host of personal information, such as mother’s maiden name, social security number, billing and shipping address, plus credit card data. Entering this information and continuing obviously puts a load of valuable tidbits in the hands of scammers.
The phony Apple email scam is nothing new, and you can expect many like it to make the rounds in the future. So, how can you protect yourself from handing over all of your valued data? Two good things to exercise to prevent any trouble are caution and common sense.
A quick look at the Apple example offers some tips on what to look for. Let’s start with the link in the email message that supposedly leads to the Apple Store. Hovering the mouse cursor over the email link shows that it leads to the aforementioned phony URL. Hovering is one way to check out a link before actually clicking it, but you can also right-click the link, copy it, and paste it somewhere like Notepad to take a look at it. You should never click a link in an email message, even if you think it could be legitimate. It’s safer to go to the company’s official website and perform the necessary tasks of updating information, or whatever else you may have been asked to do.
Besides never clicking links in emails, you should also make a habit of checking URLs for any tell-tale signs that they may be fake. Official website URLs will not make use of IP addresses (twelve numbers divided by periods into groups of three). Sticking to the theme of URLs, pages that require you to log in, enter financial information, or provide any other sensitive data should use the HTTPS protocol at the beginning of the address to let you know that your connection to the site is encrypted. This is often accompanied by green text and a lock icon. Finally, check emails that claim to be legitimate for spelling and grammar errors. If they appear to be poorly written and are loaded with spelling and grammar errors, you can pretty much guarantee that they are scams.
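The link checks described above (an IP address as the host, a missing HTTPS scheme, and visible link text that names a different host than the real target) can be automated. The following Python sketch is an added example, not part of the original article; the sample email, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample: 192.0.2.10 is a documentation-only address, not the scam's.
SAMPLE_EMAIL = ('<a href="http://192.0.2.10/signin">store.apple.com</a>'
                '<a href="https://store.apple.com/">store.apple.com</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scheme_and_host(value):
    """Parse a URL, or bare text that looks like one, into (scheme, host)."""
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:  # malformed input such as unbalanced IPv6 brackets
        return "", ""

def check_links(html_body):
    """Return [(href, [flags])] for the link checks the article describes."""
    collector = LinkCollector()
    collector.feed(html_body)
    results = []
    for href, text in collector.links:
        (scheme, target), flags = scheme_and_host(href), []
        try:
            ipaddress.ip_address(target)  # raises ValueError for ordinary names
            flags.append("ip-address-host")
        except ValueError:
            pass
        if scheme != "https":
            flags.append("not-https")
        shown = scheme_and_host(text)[1]  # host named in the visible link text
        if "." in shown.strip(".") and " " not in shown and shown != target:
            flags.append("text-host-mismatch")
        results.append((href, flags))
    return results
```

An empty flag list means only that these three checks passed, not that the link is trustworthy.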
For more on this topic, visit http://news.cnet.com/8301-1009_3-57348467-83/apple-billing-e-mail-scam-making-the-rounds/?tag=txt;title