Everybody knows that you need to be extremely careful and vigilant while roaming the online world, as anything is possible in the ‘cyber’ universe. Not everyone pays heed to this advice, nor is everybody as moral as we would hope, which is why we bloggers and reporters need to report on the latest scams trying to take advantage of other users. The latest malicious plan that Internet users need to be aware of is a new Apple ID phishing scam that looks very, very deceptive.
This latest scam does a really good job of mimicking an official email from Apple itself. The email header reads: “Your Apple ID has been disabled for security reasons.”
A little additional information is provided to build up the appearance of an authentic letter. Below that, the letter includes a malicious link that users are instructed to open, which redirects to an untrusted destination. The full letter is reproduced below:
Your Apple ID has been disabled for security reasons.
Someone just tried to log into your Apple account from a different IP address. Penligst to verify your identity today or your account will be disabled because of the concerns we have for the safety and integrity of the Apple community.
To verify your identity, we recommend that you go to Verify Now>.
The sole purpose of this phishing attempt is to gain access to the user’s Apple ID account. When the “Verify Now” link is clicked, the user is taken to a malicious page, which should immediately raise concerns, considering the top-level domain belongs to Tokelau in the South Pacific.
TUAW also rightly points out that Tokelau isn’t exactly the hub of Apple’s operations. This specific Tokelau top-level domain was also responsible for more than 20% of phishing scams in 2010.
There are some “tells” that give this email away as fake. For example, no name is included at the top of the letter, only “Dear”. Also, Apple never tracks IP address, which is why you can log into your account from an iPhone, iPad or Mac just about anywhere. And “Penligst” is not a word in the English language, and it’s pretty evident that Apple’s emails are always in English.
It’s also worth remembering that Apple will never ask for an account to be verified or a password to be reset by providing the Apple ID and current password. If you are in any doubt over the security or integrity of your Apple account, it’s always worth visiting the Apple site yourself so that you know you are going to the right place.
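Two of the tells described above (the nameless “Dear” greeting and a “Verify Now” link whose host is not an Apple domain and sits under Tokelau's .tk) can be checked mechanically. The sketch below is an added example, not code from Apple or TUAW; the trusted-domain list, the function names and the sample message with its placeholder .tk host are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as legitimate Apple destinations for this check.
TRUSTED_SUFFIXES = ("apple.com", "icloud.com")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one.

    Matching on '.apple.com' (with the dot) rejects lookalikes such as
    'apple.com.something.tk' and 'notapple.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def phishing_tells(html_body):
    """Return the list of tells found in the message body."""
    tells = []
    # Greeting with no recipient name: "Dear" followed by punctuation or a tag.
    if re.search(r"\bDear\s*(?:[,:.]|<|$)", html_body, re.MULTILINE):
        tells.append("generic-greeting")
    parser = LinkCollector()
    parser.feed(html_body)
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not is_trusted(host):
            tells.append(f"untrusted-link-host:{host}")
        if host.endswith(".tk"):
            tells.append("tokelau-tld")
    return tells

# Constructed sample modeled on the quoted letter; the .tk host is a placeholder.
SAMPLE = """<p>Dear,</p>
<p>Your Apple ID has been disabled for security reasons.</p>
<p>To verify your identity, we recommend that you go to
<a href="http://constructed-placeholder.tk/login">Verify Now&gt;</a>.</p>"""

if __name__ == "__main__":
    for tell in phishing_tells(SAMPLE):
        print(tell)
```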