Crime never sleeps. A new
scam is afoot, this time aimed directly at Apple users who use iTunes, the App
Store, or iCloud. It’s an archetypal phishing scam that seeks to trick victims
to give up their Apple IDs by luring them to a phony but convincing website.
Here’s the bait. The intended
victim receives an email with the heading “Apple ID Cancelled” that contains
the following alarming notification:
Your Apple ID has been
temporarily suspended! Somebody else just tried to sing in into your Apple
account from another IP address. Please re-confirm your identity today or your
account will be suspended due to concerns we have for the safety and integrity
of the Apple Community.
Please click here to Activate your Apple ID.
As we’ve noted before, many
of these attempts appear to be spawned by semi-literate—or at least
careless—writers; note the “sing in into” instead of “sign in to” gaffe.
Companies like Apple employ people who take care to ensure their missives do
not contain typographic errors, misspellings, and awkward turns of phrase like
the overheated “concerns we have for the safety and integrity of the Apple
Community.”
As is typical in Phishing
scams, a reasonable facsimile of an Apple site lies at the link destination,
with what should be by now the flashing red semaphore of requests for your
Apple ID and password to log in to change your password. Of course, once
entered, this information is collected by criminals to be used in ways that are
likely not in your best interest.
If you believe you have
fallen for this scam, be sure to immediately go to the real Apple site and
change your password.
Remember—no legitimate
company will ever request you to enter your user identification and password
via email. And whenever you do go to a site from a link in an email, be sure to
check the address bar to see if it seems like it’s consistent with what you
expect. Even better is not to ever click on a link in an email that you receive
from any entity not known personally to you.
Vigilance is the only real
security.