Learn to Avoid Phishing Attempts

Mac, iPhone and iPad users get inundated with phishing attacks that appear to be official Apple emails but are in fact attempts to steal your Apple ID password. These fake emails play on emotions to get you to click on false links and then enter your password or download some malware. Take a look at some common examples. Thanks to those who contributed these examples!

Video Transcript
Let's talk about Phishing. I recently asked MacMost users to send me examples of phishing attacks that appear to come from Apple. This is a particular problem for Apple users. Phishing attacks can come from anywhere. They can come from your bank, they can come from Amazon or eBay. But for Apple users we get a lot of them that appear to come from Apple. They target us because we have iCloud accounts or maybe they just target everybody and you just happen to be somebody who has a Mac and got one of these.

Let's take a look at some of them. So here's one that appears to tell you that you've been locked out of your iCloud account and you have to do something to get back in. You can see here there's a link that looks like an official link to go and unlock your account.

But the thing about phishing attacks is the links always appear to be official. But links can be disguised very easily. So this link here won't actually take you to Apple.com but probably will take you to a site that looks like Apple.com. At least the login page. You're going to be entering your Apple ID and password into this login page. Now you've given your password to some sort of malicious individual or organization. It may then even try to disguise the fact that you've done that. Maybe giving you an error message and jumping to the actual Apple site where you can go on and think maybe nothing has gone wrong.

Here's another one. A lot of these, you know, have some sort of urgent thing going on. In this case it's somebody else is trying to get into your account and requested a change to your account. It makes you a little bit panicked and then there's a link right there, Unlock My Account. Of course that's not going to take you to the Apple site either.

Here's another one. Notice that all these seem to come from Apple or something to do with Apple. You can't trust the From line either. You can change your name to Apple and send an email and people would get the email and look like it comes from Apple. Because you see the name and not the email address there. Even the From email address itself can be faked. So it can appear to come from something at Apple.com and it actually doesn't. It's kind of like writing the return address on a letter. You can write anything you want there and stick it in the mail. It doesn't mean it's right but anyone trying to scam you doesn't care what's right.

So in this case it tells you your account's been restricted. Maybe it even gives you your Apple ID. So it's going to send these out to iCloud accounts and it's going to put your real iCloud Apple ID in there, maybe, to make you think it's more authentic. Then you've got some links there and those links are no good.

So a lot of these, of course, try to play on your emotions. So here's something you've got that tells you your payment was declined. Why is there something wrong with my credit card? Is something going on? It may make you rush to go and find out what's going on and maybe click on this link here. Look how official this email looks. Its got the Apple logo at the top. The Apple logo at the bottom. It says Apple Support.

There's a lot of funny things in these different emails. Misspellings and things that obviously Apple wouldn't put in real emails. But a lot of times they look pretty official and it's hard to spot any imperfections. So, of course, you click on this link and it's not going to take you to applied.apple.com. It's going to take you somewhere else. Maybe someplace that looks like it.

Here's another one that plays on your emotions. A system alert fraud order. Look at the bottom half of this and it looks like you paid some money for something and, you know, it wants you to sign in to take care of it. It's a pretty unofficial looking email so it's hard to be caught by this one. But you may be so passionate about protecting your account that you may tap sign in without thinking about it.

Here's another one telling you it is basically a receipt and in this case it's not asking you to click on a link. It's asking you to open an attachment. The attachment could be malware. Could be adware. It could be anything. So never open an attachment for something that you get in email. That's it right there. Link to apedia. You will be prompted to open or view the file or download to your computer. For best results save the file first and open it in a web browser. So you can see right here lots of alarms should be going off when seeing something like this.

Now here's another one. This one really tries to play on your emotions by putting a huge number there saying you've been charged $420,00 dollars, although it's missing a zero there, because you've made a purchase and this is just a kind of courtesy notice from Apple. It looks a lot like a real one. So you may want to click on one of those links to go and figure out what's going on. Of course, they are bad links.

Now if you don't believe me how easy these things are to fake here I've composed an email that looks kind of like the last one we just saw. I could easily insert a graphic at the top just to put a logo there. I can easily fake the link. So here is a link right there. I can Control click on it and say, Add a Link, and then look what I can do with the link. I can make it look like an Apple link even if you check it. So maybe let's put security.apple.com. Right, but that doesn't do me any good because if I'm a scammer I don't own apple.com. But I keep going. Dot example.com.

What this is really going to do is it's going to take you to the website example.com which has been configured to redirect anything going to security.apple.com.example.com to a malicious page that looks just like an Apple page and fakes having you login just to capture your password. When I send this, I get it here as a message and I can see here I got the link and one way you can protect yourself against these kind of things is if you move the cursor over the link you can see in mail it shows you the URL. But you have to be smart enough to recognize this really goes to example.com because it's the end of the domain name, not the beginning, that counts and that this is really fake.

The best thing to do is never click on any of these links in any of these emails no matter how official it looks. Instead go onto the site yourself. So if it tells you to go and check your Apple ID, go type in Apple ID.apple.com in your web browser. Go to it. If it tells you to check your iTunes account, check iTunes in the iTunes app. Do everything by going to your own bookmarks and typing your own links, not using the links in the email.

Comments: 16 Responses to “Learn to Avoid Phishing Attempts”

    Sharon Beck
    8/24/17 @ 9:31 am

    This post is so great in it’s visuals and it’s explanation, that I’m going to put a newsletter out on just this link of yours and tell all of the 262 people on my list, that they need to get to know you and your work, by watching this link. Then I’m going to give the the link. I think everyone needs to see this video of yours but especially Seniors. And bringing them technical understanding of their iOS devices is my passion in life. Thank you Gary, I am a big fan.

    Joe Finkelstein
    8/24/17 @ 10:02 am

    Gary, Great stuff and so important. Already sent this on to a number of my friends.

    Marvin Welborn
    8/24/17 @ 10:58 am

    the oddity of all this is I’ve notified Apple of these ‘several’ attempts on me, but have never received ‘any’ acknowledgement from Apple. It’s like a Black Hole I’m talking to.

    8/24/17 @ 11:02 am

    Marvin: You won’t get any response from Apple. They’d need a staff of dozens (hundreds?) to respond to these reports if they were going to do that. Same from any major email provider. They simply put your email into a database and use that data to help make their filtering models better. That’s a guess. So it does help a little, but personally I don’t bother to report these. I just delete and move on with my day.

    Shirley
    8/24/17 @ 1:10 pm

    I select the message in the list and go to the Message Menu and send these to “reportphishing@apple.com” (with out the quotes). I do notice that the number of these phishing emails diminishes after doing several of these.

    8/24/17 @ 1:42 pm

    Shirley: There’s definitely no relation to the number of phishing emails you get and your use of reportphishing@apple.com. At best, forwarding to reportphishing@apple.com just gives Apple more data. But it won’t affect you directly.

    Patrick J Mele
    8/24/17 @ 3:11 pm

    I use the hover method for seeing hidden addresses and found suspect sites. I’m curious if I could add a Rule in the Mail app for hidden or suspect addresses

    8/24/17 @ 3:18 pm

    Patrick: Since they change these spam sites all the time, there’s no point in trying to create rules. It would be different next time.

    Anne Burke
    8/24/17 @ 3:54 pm

    Timely advise Gary. We all get lazy at times or forget to check.
    Thank you for the wake up call.

    Jeff White
    8/24/17 @ 8:07 pm

    If in doubt, I always proofread the message carefully. Most phishing emails will have spelling, punctuation, or grammatical errors. In Gary’s draft example, the subject line uses a hyphen in Apple-ID, which is non-standard punctuation. Apple ID again appears in the first line of the text, but without the hyphen. Inconsistency! It’s followed by a comma, which is completely unnecessary. A clear fake!

    8/24/17 @ 8:15 pm

    Jeff is right in that almost all phishing emails have these mistakes in them. But don’t use that as a way to detect them. Then all it would take would be one perfect fake and your password would be compromised.

    Lubomir
    8/25/17 @ 5:51 am

    wow…this was fantastic topic!!! I hope I’ll learn something from it! Thanks,Gary and may God bless you and your family

    Karen Brown
    8/25/17 @ 8:42 am

    The example you showed with the $420,00 would tell me, not that it was a mistake, but that it came from somewhere in Europe—from someone who may be able to put in the $ sign, but isn’t smart enough to know that we use a period between dollars and cents, not a comma!

    8/25/17 @ 8:53 am

    Karen: So the thing to worry about is, what if next time the price is reasonable? Like $39.95? And everything is spelled correctly and perfect? We still need to be on guard and not rely on these “tells” to determine what is real.

    Jasper
    8/27/17 @ 3:21 am

    I get heaps of phishing attempts on one email account but NEVER on my iCloud account. I think the reason is that the phished account is based on my name at a well-known domain, so phishers can guess my address might be real. My iCloud account and its aliases don’t contain my name. They were created with a password generator and are unlikely to be guessed. I only use icloud aliases so that if one got bad I can change it.

    Janet grant
    9/8/17 @ 4:26 pm

    Very informative,I found Apple care very helpful and now I know just to delete them.
    I was not aware that Siri was so versatile .

Comments Closed.