Account Confirmation: a new nasty scam email...

UKworkshop.co.uk


Eric The Viking

This arrived this morning. I don't have an Apple ID that I'm aware of, but the message was tidy enough to catch someone out. What's more, the "click here" URL was unusually crafty for that sort of thing (see below).
We have detected an unauthorized sign in on your Apple ID ([email protected])

As a part of our security measures your Apple ID was locked.
While your Apple ID is locked, you cannot use your Apple software, also access to your iCloud is limited.
If you want to unlock your Apple ID, please click here.

This is an automated message, please do not reply.

Thank you.

Apple Support
My Apple ID | Support | Privacy Policy
Copyright © 2015 iTunes S.à r.l. 31-33, rue Sainte Zithe, L-2763 Luxembourg. All Rights Reserved.

The "click here" URL wasn't the usual Russian one (or similar), but rather cleverly constructed:
http:||www,google,com|url?q=http:||apple-id,apple,com,id-handler,cgi,verification-online-team,com|email_identifier=DTLO9bNVQvQ4YjOx1WlhZsBq3e6wfS6D1JDJgT3ZpcFUxLpWstKcI31GBwgUvcmxZeWrToqael5DzpazhJhJlL...
[...got bored here]
I've munged it so it shouldn't work as a URL any more, but you can see the point: The Google passthrough gets past filters, and the "apple-id.apple.com" near the front and a long string of ID code at the end might look passably authentic to anyone hovering over it.

I know a lot of folks on here live on iPads and iPhones, so it's just possible. It's also possible that the creeps would try beforehand to lock the account for real, by simply overloading it with wrong password attempts (daughter #1 did this to daughter #2's new iPhone 6 for a tease - you can cause it to lock for several hours if you're clever).

Be careful out there...

E.
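The link structure described in the post above (a Google passthrough wrapping a host that starts with "apple-id.apple.com" but is registered elsewhere) can be checked mechanically. This is an added example, not part of the original post; the redirector table, the brand-domain list, the two-label registrable-domain shortcut and the `phish.example` sample link are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: which hosts act as open redirectors (and the
# query parameter carrying the destination), and which domains the brand owns.
REDIRECTORS = {"www.google.com": "q", "google.com": "q"}
BRAND_DOMAINS = ("apple.com", "icloud.com")

# Constructed sample with the same shape as the munged link in the post;
# phish.example is a reserved placeholder, not the domain from the email.
SAMPLE = ("http://www.google.com/url?q=http://apple-id.apple.com."
          "id-handler.cgi.phish.example/email_identifier=CONSTRUCTED")


def unwrap(url, max_hops=5):
    """Peel known redirector wrappers offline; return the innermost URL."""
    for _ in range(max_hops):
        parts = urlsplit(url)
        param = REDIRECTORS.get(parts.hostname or "")
        target = parse_qs(parts.query).get(param) if param else None
        if parts.path != "/url" or not target:
            break
        url = target[0]
    return url


def registrable(host):
    """Last two labels only (assumption: no Public Suffix List lookup)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_link(url):
    """Report where a link really lands and which brand domain it imitates."""
    final = unwrap(url)
    host = urlsplit(final).hostname or ""
    # A brand domain embedded in the host counts only if the host is not
    # that domain or one of its subdomains, i.e. it sits left of the real one.
    imitated = [d for d in BRAND_DOMAINS
                if f".{d}." in f".{host}."
                and not (host == d or host.endswith("." + d))]
    return {"redirector": final != url, "host": host,
            "registrable": registrable(host), "impersonates": imitated}


if __name__ == "__main__":
    print(check_link(SAMPLE))
```

The part of a hostname that matters is the right-hand end: everything to the left of the registrable domain is chosen freely by whoever controls that domain.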
 
I'm always getting messages saying my account has been cancelled etc., more often than not from accounts I do not have.
Unless it is addressed to me personally by name I ignore them.

Rod
 
I never go to sites using links from emails, always search them and go via a search engine. Unless you are willing to check the email's header information, which discloses the TRUE sender of the email, you will always be at risk of visiting a malicious site; searching for the site via a search engine is much quicker.

Information on email headers, in case anyone is interested, below. It's very easy to make an email look like it's come from a legitimate address when in fact it's malicious.

https://portal.ictp.it/icts/faq/spoofedsender.html/
 