A quick example of Phishing emails

Started by techie, June 25, 2017, 09:03:37 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

techie

1) Who is it from? Why would Apple use a hotmail account? Why would Apple use a account from France for a US contact. Pretty Bogus from the beginning.

(Apple) ability@hotmail.fr

Subject:  Statement Update] Report : We have update on our Policy Update

2) The email itself gets even better, double posted things, poor grammar and in my case asking me to verify a ID I know I don't use and doesn't exist:

Customer ServiceCustomer Service

Dear xxxx,

We have notified that some of your account information appears to be missing or incorrect. We have faced some problems with your account.

Verify your Apple ID account in order to be used. Please check immediately by clicking the following link :

❶ Sign In
Sing-in into your Account
❷ Verify Your Information
Enter your information in advance, to make sure you is owner of Apple ID account
❸ Submit and Activated
If you has verified your data correctly our system will automatically activate your account
      

Sign In

Our system will automatically disabled your account if we do not receive any information longer than 24 hours.
Apple team
You received this mandatory email service announcement to update you about important changes to your Apple Inc product or account.
© 2017 Apple Inc., 1 Infinite Loop. Cupertino, CA 95014.

3)  If you click the sign in link it looks pretty legitimate except the fact all links are broken except enter email and password. If you verify your account we will have your user name, login password, address and if entered your financial information.

Corrine

The problem is, too many people don't read emails like that carefully -- skim, react to "problems with your account" (OMG, what will I do!) and then click the link and *POOF* they have the account credentials.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Timely post, techie.  I just spotted that this was recently posted on Malwaebytes' blog:  Something's phishy: How to detect phishing attempts.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

techie

Now a grandmother from France is telling me that my Apple ID needs attention :-\

grandmother@hotmail.fr

Basically this phishing scam is originating with a hotmail.fr account. I thought hotmail was now outlook mail?

1)  Apple would never send a email addressing you as your email account.
2)  They address you by your actual name.
3)  It will always have in the email address @(the apple division, i.e. music, id, support, etc.) .apple.com if legitimate.

The email name used and new link to Phish information is usually quickly blacklisted.


Corrine

People with those earlier email addresses (Hotmail, Live, were not required to get new addresses.  Rather, they are all accessible via Outlook.com.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.