An Annual Reminder: Watch Out For ‘Phishing’ Scams

Have you ever heard of phishing? It’s a form of social hacking in which a malicious party sends out a ton of emails, purportedly from a well-used website or service like Facebook or Apple’s iCloud, informing you that something is wrong with your account and you need to log in immediately or face dire consequences like having your account canceled or getting charged for some alleged infraction of the rules. When you log into what you think is a valid website, your credentials are stolen…

Phishing attacks play no favorites; everybody gets them from time to time. Two days ago I was going through my emails when I saw this:

A phishing email from “Apple” (yeah, right…)

Now some people may look at this email and say “Oh, my gosh! My iTunes account is about to be canceled! What should I do?! I guess I’ll click that ‘Save it for me’ link.” If they do so and “sign into” what they think is iCloud, someone has just grabbed their iCloud account credentials and can go to town stealing personal information and (if that’s the same as their Apple ID/iTunes login) even rack up a lot of charges. I’m hoping, however, that they’ve read this article before they get this phishing email and take some proper steps to stay safe.

What’s Wrong With This Email (And How To Tell That It’s a Phishing Email):

  • The email subject isn’t capitalized; it’s all lower case letters, which Apple will never do. Apple is full of perfectionists who cross-check almost everything before sending it out, and they’d never do this
  • This email has obviously been written by someone who is not a native English speaker, as the phrasing is laughable: “Including your email icloud as well” is awful grammar, and iCloud is written in all lower case, once again something Apple would never do
  • That image is probably a feeble attempt at avoiding a trademark lawsuit if Apple ever catches the person(s) who sent it. Why? That’s the old Apple logotype
  • Apple never terminates an account for non-use, on the off chance that after years of not using a service like iCloud or iTunes, you may decide to use it and spend money – that’s partially how Apple has become a $700+ billion corporation
  • A partial HTML tag (</center>) is just visible on the bottom of the email, proving that not only are the writers of the phishing message criminals and bad people, but they don’t have very good web coding skills either
  • Apple almost never asks users to click a link in an email to get to a web page. Instead, they ask users to log in to their iTunes/iCloud/Apple Music/Apple ID account through the normal method: go to that website by entering its normal URL. Never click a link in a phishing email or any email from Apple, Facebook, or any other site. Just go straight to the website (apple.com, facebook.com, etc…) instead
  • Apple never puts links in white on a red background. That’s cheesy 1995-type web design.

The Devious Points of This Phishing Email:

One quick way of telling that you’ve received a phishing email is to right-click on the “from” address, which will be from some “.ru” (the Russian country-code domain) email address even though it shows an official-looking return address tag like “Apple iCloud Account Services”. These guys, however, used “Apple Service ID” (which is quite fake sounding), and right-clicking shows the address to be the very believable “no-reply@mail.apple.com”. That makes no difference since most people won’t click “Reply” and send an email asking about the issue; what they want people to do is click on that red link marked “Save it for me” — which you should NOT do.

If you click on that link, you are sent to a web page at the following address:

“webbitgifts.com/A”

which obviously has NOTHING to do with Apple. An Apple email will always come from the “apple.com” domain. Once again, you can determine the destination of a link by right-clicking it (on a Mac) or tapping-and-holding it (on an iOS device). The web page that this address redirects to actually looks like the Apple ID page. Don’t be fooled! Once again, check the address in the Safari or Chrome address bar:

http://appleid.apple.com.account.manage.wets.myapleid.woa.wa.directt.myappleid.woa.25napplic2faccount.25napplic2faccountmasdfhjkoa9limg234567890.webbitgifts.com/index/index/src/index/index.php?api=_login-detail&session=5e930e2e937433992f627e7354c50e8d&wait=d1ab2555a560ea018f8d04333f6cd5b6eace2480

What’s wrong with this? First, Apple will never use just an “http” address. All Apple websites are prefixed with https, meaning that a secure certificate is in use to encrypt the communications between your device and the Apple web server. Second, reading past the “appleid.apple.com” you eventually get to the same “webbitgifts.com” domain name seen on the original short link — that’s not Apple.

What Should You Do If You Received This Or A Similar Email?

If you’re not sure whether it’s a phishing email, do the “safe” tests. Right-click (or tap and hold) on the “From” email address. As you saw with this email, however, phishers will sometimes be “smart” and use a valid apple.com return email domain. Next, right-click (do not use a regular click) or tap and hold on any links in the email. Copy the web address, then paste it into Text Edit or a similar text editor. Take a close look at the address, and make sure that the initial part of it ends in apple.com.
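The two link tests described above (https, and a host name that really ends in apple.com) can be automated for a pasted address. The following Python sketch is an added example, not part of the original article; the `TRUSTED` list and the function name are assumptions, and the sample address is the one shown earlier with its query string omitted.

```python
from urllib.parse import urlsplit

# Assumption: the domains you expect the real sender to use.
TRUSTED = ("apple.com",)

# The address from the article, query string omitted.
PAGE_URL = (
    "http://appleid.apple.com.account.manage.wets.myapleid.woa.wa.directt."
    "myappleid.woa.25napplic2faccount.25napplic2faccountmasdfhjkoa9limg234567890."
    "webbitgifts.com/index/index/src/index/index.php"
)


def check_link(url, trusted=TRUSTED):
    """Return (ok, host, reasons) for a link copied out of an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []

    if parts.scheme != "https":
        reasons.append("not https")
    if not host:
        reasons.append("no host name found")
        return (False, host, reasons)

    # Ownership is decided by the right-hand end of the host name, so only
    # an exact match or a ".apple.com"-style suffix counts. A plain
    # endswith("apple.com") would also accept look-alikes with no dot.
    owned = any(host == d or host.endswith("." + d) for d in trusted)
    if not owned:
        reasons.append("host is not under a trusted domain")
        if any(d in host for d in trusted):
            reasons.append("trusted name appears elsewhere in the host (decoy)")
    return (not reasons, host, reasons)


if __name__ == "__main__":
    for link in (PAGE_URL, "https://appleid.apple.com/"):
        ok, host, reasons = check_link(link)
        print("OK  " if ok else "FAIL", host[-40:], reasons)
```

A passing result only means the link points where it claims to; going to the site directly remains the safer habit.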

Even at this point, if it looks like a valid Apple email, don’t click on any links. Instead, open the Apple website and then try to find the information the good old fashioned way — by looking for it.

Any email that is indeed a phishing attempt should be deleted immediately, or even better, marked as spam and sent to your junk folder. Don’t worry — valid Apple emails will still come through but anything from “webbitgifts.com” or whatever the phisher’s email domain happens to be will end up in your junk folder.

Stay safe out there, Rocket Yard readers!



  • Fine, you’ve shown us how to spot the incompetent bad guys. Most of this is fairly obvious. How about showing us how to spot the competent bad guys?




  • A good warning indeed, and we should notify our parents on a regular basis about this, the phone calls from the “U.S. Treasury” or “I.R.S.” and other ways in which elder abuse scams are perpetrated.

    BUT, the grammar is getting better and better. The HTML is cleaner and more and more these are looking legit, especially if you click before you look carefully at them. What will we do then? I imagine Apple is still creating new strategies to deal with this and using an App (like iTunes) to interface with Apple is looking more and more like where we’re headed.

    Has the browser become too poisoned to trust? Will we all just be using our bank’s app, our government’s app, our electric company’s app, Amazon’s app and more to do business? If we cannot find a way to lock down browsers, this is certainly a possible near future.

    If Russian hackers can influence American opinion and an election, how long before they kill the browsing experience as we know it? :-\




  • I forwarded this to Apple; how do we stop these?