Phishing attempt masquerading as Apple

Zenon · Nov 20, 2018

Got an email telling me I purchased games. I checked the source. The email came from the UK and didn't have have the name Apple in it. Checked my Visa, Apple, iTunes, App store nothing ordered. I contacted Apple and they set up a screen share. As soon as the share went live the email disappeared. Sophisticated. Next time I'll use Adobe's fraud email and send it. They probably won't get it anyway.

Always check the source of any suspicious email.

Colin Grant · Nov 20, 2018

I got one of those. Mail App sent it directly to junk, which was good to see.

Zenon · Nov 20, 2018

I typically set up a rule with MacMail to automatically delete an unwanted email so I don't get it again. Sometimes they are persistent and don't delete when it ask it to apply now. For those I use my service providers mail website and set up as a spam. I never get them again. I have a long list of rules

PhilBurton · Dec 8, 2018

Zenon said:
Got an email telling me I purchased games. I checked the source. The email came from the UK and didn't have have the name Apple in it. Checked my Visa, Apple, iTunes, App store nothing ordered. I contacted Apple and they set up a screen share. As soon as the share went live the email disappeared. Sophisticated. Next time I'll use Adobe's fraud email and send it. They probably won't get it anyway.

Always check the source of any suspicious email.

And never, ever click on a link in an email until you first hover the mouse over the link. What looks my www.mybank.com could be really www.reallybadhackerfromRussiaCriminalgang.com . Better yet, use your browser to to the website directly.

Johan Elzenga · Dec 8, 2018

Zenon said:
As soon as the share went live the email disappeared. Sophisticated.

A little bit too sophisticated, if you ask me. The Apple guy probably deleted it, because I don’t think that self-deleting emails exist yet.

Zenon · Dec 9, 2018

Maybe but it was instant. I didn't see Apple's cursor even

PhilBurton said:
And never, ever click on a link in an email until you first hover the mouse over the link. What looks my www.mybank.com could be really www.reallybadhackerfromRussiaCriminalgang.com . Better yet, use your browser to to the website directly.

Yes I started doing that about 6 months ago. Before that as I stated if it looked suspicious I just set up a Rule to delete right away. Actually when you use Rules in MacMail it shows the real address.

Johan Elzenga · Dec 9, 2018

Zenon said:
Maybe but it was instant. I didn't see Apple's cursor even

If it was an Apple email address (like ‘[email protected]’) then they may have deleted it on the server side. Because this is IMAP, that will delete it from your mail app too.

LouieSherwin · Dec 9, 2018

In Apple Mail preferences there are a couple of settings that help keep you safer.

In the Viewing tab:

Uncheck "Load remote content in messages". Junk mailers will use links to detect a valid email address just by opening the message. With this unchecked you can open the message and non of the links are activated until you click the "Load Remote Content" button at the top.

Second uncheck "Use Smart Address" option. This causes all the actual email address in the headers to be displayed not the faked name. For example you might see something like this: Apple <[email protected]> Clearly an attempt fool you.

Apple is getting pretty good about detecting and sending most of these to my Junk mailbox. If I find one that didn't get detected I always send it to Junk as that will help Apple learn how to filter them.

-louie

Zenon · Dec 9, 2018

Thanks for the info.

Colin Grant · Dec 9, 2018

Thanks Louie. Very useful stuff

Zenon · Dec 9, 2018

LouieSherwin said:
In Apple Mail preferences there are a couple of settings that help keep you safer.

In the Viewing tab:

Uncheck "Load remote content in messages". Junk mailers will use links to detect a valid email address just by opening the message. With this unchecked you can open the message and non of the links are activated until you click the "Load Remote Content" button at the top.

Second uncheck "Use Smart Address" option. This causes all the actual email address in the headers to be displayed not the faked name. For example you might see something like this: Apple <[email protected]> Clearly an attempt fool you.

Apple is getting pretty good about detecting and sending most of these to my Junk mailbox. If I find one that didn't get detected I always send it to Junk as that will help Apple learn how to filter them.

-louie

I’m on my iPhone and going through the settings. Not sure if you use Apple mobile devices but if you do any tips?

Thanks in advance

LouieSherwin · Dec 10, 2018

In Settings->Mail there is an option "Load Remote Images" turn that off.

Unfortunately you cannot turn off Smart Address" but you can examine actual address by opening the message and then tapping on the formatted address in the From field that you want to examine and Mail will open a new view that shows all the known detail for the selected address. If it is in your Address book it will show the Address book entry. If it is not it will just show the underlying real email address with some possible options to add or share the information.

-louie

Zenon · Dec 10, 2018

I just won't touch any suspicious emails until I get home. Thanks for the help louie.

MarkNicholas · Dec 10, 2018

I have received many such emails purportedly from Apple. If the content doesn't give it away that its phishing then the senders email address definitely will.

Johan Elzenga · Dec 11, 2018

MarkNicholas said:
I have received many such emails purportedly from Apple. If the content doesn't give it away that its phishing then the senders email address definitely will.

A sender email address can easily be spoofed, so while a strange non-Apple address may give it away for sure, a seemingly correct address does not mean anything. What cannot be spoofed is the link they want you to click on. The real URL can be hidden from sight, but you can easily see check it.

MarkNicholas · Dec 11, 2018

JohanElzenga said:
A sender email address can easily be spoofed, so while a strange non-Apple address may give it away for sure, a seemingly correct address does not mean anything. What cannot be spoofed is the link they want you to click on. The real URL can be hidden from sight, but you can easily see check it.

Of the many such emails I have received non of the senders addresses looked anything like an apple address. If it is so easy to "spoof" a senders email address then it doesn't seem to make much sense that they didn't do so.

Johan Elzenga · Dec 11, 2018

MarkNicholas said:
Of the many such emails I have received non of the senders addresses looked anything like an apple address. If it is so easy to "spoof" a senders email address then it doesn't seem to make much sense that they didn't do so.

It is really easy. I can send you an email that seems to come from ‘[email protected]’. Spammers target the supidest part of the stupids however, so often they don’t even bother.

Phishing attempt masquerading as Apple

Zenon

Did you turn it off and on again?

Colin Grant

Active Member

Zenon

Did you turn it off and on again?

PhilBurton

Lightroom enthusiast (and still learning)

Johan Elzenga

Lightroom Guru

Zenon

Did you turn it off and on again?

Johan Elzenga

Lightroom Guru

LouieSherwin

Senior Member

Zenon

Did you turn it off and on again?

Colin Grant

Active Member

Zenon

Did you turn it off and on again?

LouieSherwin

Senior Member

Zenon

Did you turn it off and on again?

MarkNicholas

Mark

Johan Elzenga

Lightroom Guru

MarkNicholas

Mark

Johan Elzenga

Lightroom Guru