Beware of phishing attacks
Published April 14th, 2014 at 8:30 PM EDT , modified April 14th, 2014 at 8:31 PM EDT
An opportunity fell right into my lap this evening to remind everyone about the dangers of phishing. Pretty much everyone with an electronic device has at least one online account of some kind. Most people have many accounts, often so many that they have lost track of some of the less important ones. This means that everyone is at risk of receiving some kind of phishing e-mail at some point.
In my case, the “opportunity” came in the form of an official-looking e-mail from “Apple.” According to this message, I needed to complete a security validation, and failure to do so could result in suspension of my Apple ID. The message looked very much like a real Apple e-mail message, and the English was good. (Bad grammar is often a tip-off to a scam.)
We need to ask you to complete a short and brief step to securing and validating your account information.
Click here to complete validation
Failure to complete our validation process will result in a suspension of your Apple ID.
We take every step needed to automatically validate our users, unfortunately in your case we were unable to. The process only takes a couple of minutes and will make sure there is no interruption to your account.
Wondering why you got this email?
This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.
For more information, see our FAQ.
Apple Customer Service
Fortunately, I am well acquainted with this scam, although I had never actually seen it before. Even if I hadn’t heard of it, though, there were a number of problems with this message. These are problems that everyone should know to look for whenever receiving this kind of message.
First is the e-mail address. This message came from firstname.lastname@example.org. Spot the problem? You may not at first… I didn’t, and I was looking for it. Your mind often sees what it expects, rather than what is actually there. It’s very easy for you to look at that address and read it reversed, as email@example.com. Other common phishing tricks are using addresses like firstname.lastname@example.org. (Notice that there’s no ‘L’ in “apple” there – that’s the number one.) Paying close attention to the address is important, but you have to keep in mind that it may take more scrutiny than you might think necessary to spot a discrepancy.
Of course, e-mail addresses can be spoofed. This e-mail message could very well have actually said “email@example.com” on the From line without actually having been sent from Apple. So looking at the sender address isn’t always a reliable identifier.
Second is to pay attention to the link you’re asked to click. In Mail, you can hover your mouse over the link to see a tooltip containing the address… no need to click the link to find out where it goes. As you can see from the screenshot at right, this link didn’t go to an Apple server. Instead, it goes to a site identified by nothing more than a random IP address. That’s a significant observation, as this means that they’re trying to hide something. In other cases, a lookalike address may be used instead, like amaz0n.com (notice the zero?) or goggle.com (“goggle” is not Google!).
One common mistake that people make is to assume that a link on a URL that is spelled out in the message must go to that URL. For example, consider the following:
Clicking that will take you to Google, right? Nope. Give it a try… you’ll end up on Yahoo instead. Pay attention to the link, even if it looks like you shouldn’t have to!
Finally, be aware of the policies of the company the e-mail supposedly comes from. In this case, I know that Apple does not conduct the kind of security checks that this e-mail claims. They will not randomly ask you to verify your Apple ID. In addition, I have enabled two-factor authentication on my Apple ID, which means that I have already verified my Apple ID pretty definitively, and thus the message didn’t really make any sense for me. Because I am familiar with Apple’s behavior and Apple ID security features, it would have been extremely difficult to trick me with this e-mail.
If for some reason you think the request might be legitimate, you still shouldn’t click on any links in the e-mail. Instead, log in to the account in question normally, as you would do so at any other time (such as by clicking a bookmark in your web browser or typing an address into the browser’s address bar). Try to take the requested action there. If you don’t see a way to do so, the e-mail was probably a scam.
In the case of Apple, the appropriate place to go to manage your Apple ID, should that actually be necessary, is appleid.apple.com.