No Sanctuary for Apple Users: New Phishing Scam

Date Created: 10/15/2012 9:21:18 AM

Crime never sleeps. A new scam is afoot, this time aimed directly at Apple users who use iTunes, the App Store, or iCloud. It’s an archetypal phishing scam that seeks to trick victims into giving up their Apple IDs by luring them to a phony but convincing website.

Here’s the bait. The intended victim receives an email with the heading “Apple ID Cancelled” that contains the following alarming notification:

Your Apple ID has been temporarily suspended! Somebody else just tried to sing in into your Apple account from another IP address. Please re-confirm your identity today or your account will be suspended due to concerns we have for the safety and integrity of the Apple Community.

Please click here to Activate your Apple ID.

As we’ve noted before, many of these attempts appear to be spawned by semi-literate—or at least careless—writers; note the “sing in into” instead of “sign in to” gaffe. Companies like Apple employ people who take care to ensure their missives do not contain typographic errors, misspellings, and awkward turns of phrase like the overheated “concerns we have for the safety and integrity of the Apple Community.”

As is typical in phishing scams, the link leads to a reasonable facsimile of an Apple site that asks for your Apple ID and password, supposedly so you can log in and change your password. By now, such a request should be a flashing red warning signal. Of course, once entered, this information is collected by criminals to be used in ways that are likely not in your best interest.

If you believe you have fallen for this scam, be sure to immediately go to the real Apple site and change your password.

Remember—no legitimate company will ever ask you via email to enter your user identification and password. And whenever you do go to a site from a link in an email, be sure to check the address bar to confirm that the address is consistent with what you expect. Better still, never click a link in an email from any entity not personally known to you.

Vigilance is the only real security.