Sunday 14 July 2013

A warning for Apple users (and how to easily detect email scams)

My mum came into my room this morning to ask if I thought an e-mail she'd gotten through from 'Apple' was genuine, as it seemed a bit "weird"; she asked if I could double check it and if there was a way to send it in to Apple so they know of the scam. Here it is:

Subject: Your Apple ID is automatically disabled


My mum was completely right to think it was a scam. Here are some obvious reasons why:

  • The sender was labelled "Apple", but if you clicked on it, you saw that the actual e-mail address was "ap-confirm@dfds.com". Hmmm... 
  • The reason for "disabling" the user's account is reaaaaally vague. I'd understand if they'd "detected" unauthorised login attempts, but "detect" is not in the past tense, so it sounds like they did it for no reason whatsoever. In fact, it is full of weird spelling and grammatical errors which make it look very unprofessional. Bit stupid...
  • It said my mum's Apple ID was disabled, but if that was true, then she probably couldn't have used her iPad to check her emails online... Ahem...
  • It was asking the receiver to click on a link and enter their login info - most companies say they will never ask for your login details in emails. Another weird thing was the wording - they "recommend" users do it to get their ID back, rather than say they need to. Riiiight...
  • The link leads to "http://thehaystackgroup.com.au/api", which then lengthens out into "http://apple.session.id94.cepl.com.au/IDMSWebAuth/login.html/jsessionid//index.html?login=1&appleid=loginuk", showing this page:
All the links lead to "www.google.com/[insert Apple product here]". Seems legit...
  • The link for any comments or queries going to "Apple.com" actually sent you to a Tesco Bank Contact Page. Bit weird...
  • It then lists the address of "Apple Personal Finance plc." (a company which doesn't exist), which I immediately recognise as the rather large Tesco Bank offices in Edinburgh, as I've gone past it on the train more times than I can remember... Erm...
  • It then finishes off the smallprint with "No responsibility is accepted by Tesco Personal Finance" when talking about possible viruses. What?
My conclusion: someone used the template of a previous Tesco Bank phishing scam and changed some of the words to "Apple".

If you know of anyone with an Apple ID, do let them know that this e-mail is doing the rounds and to be careful if it gets past the spam filter. Also, if you know anyone who isn't sure of the signs of an email scam, do show them what to look out for; don't forget to let them know that some scam/phishing emails are more professional-looking than this one...

Basic scam-detecting tips:
  • Check the sending address. Don't trust an email from Services_Payments@Pay_PAl.Com, especially when you use paypal.co.uk and only ever get emails from an address from that site.
  • Don't input your login details for anything ANYWHERE other than the actual site you use them on.
  • Look at the spelling, grammar & punctuation - if it's odd, then it's most likely spam.
  • READ THE SMALL PRINT. They often re-use templates and sometimes don't change all the details properly (like in the email above).
  • If you click the links, check the site address for obvious differences to the ACTUAL site you use, look out for any re-routes as the page is loading, etc. If you don't want to click the links (just in case of viruses), you should be able to easily see the addresses by hovering your mouse over them.
  • If you do click the links and go to the site, look at any links on that page; sometimes they don't bother to link them all properly in the hope that the receiver of the email will be in too much of a rush/panic to check that they're real links (like in the email above).
  • Don't just trust something because it has a logo on it. Anyone can use Google Image search.
  • If you don't actually have an account with the company apparently sending you a letter, that's a big giveaway...
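
The sender and link checks from the tips above, written out in Python as an added example (it is not part of the original post). The message is a constructed sample modelled on the email described here; `tescobank.example` is a placeholder, and the function names and the expected domain `apple.com` passed by the caller are assumptions of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the email in the post; tescobank.example is a placeholder.
SAMPLE = """\
From: Apple <ap-confirm@dfds.com>
Subject: Your Apple ID is automatically disabled
Content-Type: text/html

<p>We recommend you <a href="http://thehaystackgroup.com.au/api">verify your ID</a>.</p>
<p><a href="http://apple.session.id94.cepl.com.au/IDMSWebAuth/login.html">Sign in</a></p>
<p>Queries: <a href="http://www.tescobank.example/contact">Apple.com</a></p>
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_TEXT = re.compile(r"[\w-]+(\.[\w-]+)*\.[a-z]{2,}", re.I)

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_email(raw, brand, domain):
    """Return (code, detail) findings for a message claiming to be from `brand`."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Tip: the display name is free text; only the address domain counts.
    if brand.lower() in display.lower() and not host_matches(sender_host, domain):
        findings.append(("sender_mismatch", sender_host))
    for href, text in LINK.findall(msg.get_payload()):
        host = urlparse(href).hostname or ""
        if not host_matches(host, domain):
            # A brand word at the left of the host proves nothing about ownership.
            code = "brand_in_foreign_host" if brand.lower() in host else "off_domain_link"
            findings.append((code, host))
        # Tip: visible link text that names one site while the href goes to another.
        text = text.strip()
        if DOMAIN_TEXT.fullmatch(text) and not host_matches(host, text):
            findings.append(("text_mismatch", f"{text} -> {host}"))
    return findings

if __name__ == "__main__":
    for code, detail in check_email(SAMPLE, "Apple", "apple.com"):
        print(code, detail)
```

The comparison is made on the end of the host name, which is why "apple.session.id94.cepl.com.au" is flagged even though it starts with "apple".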

And to Internet scammers: nice try.

