One of the latest phishing scams doing the rounds is using Apple branding to try and dupe victims. The scam functions by first sending victims an email detailing that their Apple ID has been locked. This email contains a link that supposedly takes the victim to the Apple website where they can unlock the account. The website is of course fake (see image above).
When the target then enters their email address and password, these credentials are harvested. The scammer then has access to their account, and that’s where the trouble begins.
Bad Apple?
Over the years, Apple has seemingly achieved a reputation of being impenetrable and immune to viruses. This, I’m afraid to say, is just a myth. Apple devices can be just as prone to viruses as Windows devices.
In the infancy of Apple, only a minor percentage of the market was using its products. Criminals want to target as many people as possible, so of course they directed their focus to constructing exploits for Windows products. As Apple increased its market share, it became a more attractive target.
Scam emails can be sent to anyone and everyone. The brand of PC you are using has no impact on your likelihood of receiving scam email. It is the mail protection software that is the game-changer.
Apple, like every company worldwide, can have its branding copied and faked (brandjacked). Because Apple is so immensely popular and has such a vast number of customers, it is a perfect company to brandjack.
People will generally pay attention to an email containing Apple logos and branding, and scammers take advantage of this trust. These emails have the ability to penetrate a lot of inboxes.
Scam Email
Below is a copy of the scam email that is sent out.
If the recipient clicks on the ‘Unlock Apple ID’ link, they are taken to the fake login page. As we discussed, if they enter their credentials here, they will have unwittingly given the attacker access to their account.
Red Flags
The email is well written and looks convincing. In addition to this, the fake webpage looks incredibly authentic. It is easy to envisage people falling for this honey-trap. So, how can you determine that it’s a scam?
Firstly, always check the sender address. The address has the domain ‘@applemail.email’. This is not a genuine domain used by Apple and so this is the first giveaway.
If you were to hover over the link, you would see it directs to ‘www.appleid.apple.com.appsupportmail.com’. This is where the fake webpage is hosted.
Although the webpage is actually very convincing, we can tell straight away that this isn’t the official Apple website because of the address. Do not be deceived by this web address just because it contains ‘apple.com’ in the middle of it.
If you ever receive an email like this, do not click on any of the links and delete it immediately.
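The two checks above can be automated. The following is an added example, not part of the original post: a host belongs to apple.com only if it ends with that domain on a label boundary, so 'apple.com' in the middle of a longer name counts for nothing. The allow-list, the function names and the sender's local part are assumptions; the two scam domains are the ones quoted above.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of domains the brand really uses.
TRUSTED = {"apple.com"}

def host_of(value):
    """Return the lower-cased host of a URL, a bare hostname or an email address."""
    if "://" not in value:
        # Email address or bare host: keep what follows the last '@'.
        value = "//" + value.rsplit("@", 1)[-1]
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def is_trusted(host, trusted=TRUSTED):
    """True only if host equals a trusted domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def embeds_trusted(host, trusted=TRUSTED):
    """True if a trusted domain appears as labels inside host but not at its end."""
    if is_trusted(host, trusted):
        return False
    labels = host.split(".")
    for d in trusted:
        want = d.split(".")
        n = len(want)
        # Slide over every window of labels except the right-most one.
        if any(labels[i:i + n] == want for i in range(len(labels) - n)):
            return True
    return False

def verdict(value):
    """Classify a link target or sender address against the allow-list."""
    host = host_of(value)
    if is_trusted(host):
        return "trusted"
    if embeds_trusted(host):
        return "lookalike: trusted name embedded"
    return "untrusted"

if __name__ == "__main__":
    samples = [
        "https://appleid.apple.com/",                # genuine subdomain
        "www.appleid.apple.com.appsupportmail.com",  # link target from the scam email
        "noreply@applemail.email",                   # constructed local part, domain from the email
    ]
    for s in samples:
        print(f"{s:45} {verdict(s)}")
```

The right-most labels decide who controls a hostname, which is why the link in this email belongs to appsupportmail.com and not to Apple.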
Take Home Message
Although this is just one example of a scam email, the lessons to learn from it are universal. Always question the authenticity of any email you may receive.
Don’t become the next person to be duped by these criminals!
To get a more comprehensive understanding of how to spot a scam, please refer to one of our previous blogs:
Phishing – Think Before You Click!
Using mail protection software is a great way to control email and reduce the chance of receiving such scams.
If you’re in desperate need of some mail protection, speak to one of our security specialists today on 1300 770035 or email security@bangitsolutions.com.