Posted By: Bensheim This is a fake message from Apple, right? - 08/16/14 01:39 PM
From: Apple <secure@icloudsafetyteam.co.uk>
Subject: Apple ID Temporarily Locked
Date: 16 August 2014 11:17:40 GMT+01:00
To: xx@xxxxxxxxx.com
Reply-To: secure@icloudsafetyteam.co.uk


iCloud/Apple - xx@xxxxxxxxx.com

This message is to inform you that your Apple Account (xx@xxxxxxxxx.com) has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

You won't be able to access Apple services or the iTunes & App Store until you verify your Apple Account ownership, we urge you to complete validation as soon as possible. Failure to validate your details within a 24 hours can result in termination of your Apple/iCloud Account to safeguard our system.

How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.

> Validate My Apple/iCloud Account Details

While using Apple devices and web services, you’ll still login with your main e-mail address as your Apple login.

If you have questions and need support, please see the Apple ID Support site.

Sincerely,
Apple UK Support

Case Support ID: #I10BA61914-ID9

(our email address x-d out by me for this post)
We hardly ever use Apple ID, do not use iCloud, only interact with them on iTunes and that rarely.

I think it's phishing from this quick Google search:
http://myonlinesecurity.co.uk/spoofed-apple-your-apple-id-has-been-suspended-815268-phishing/
This message is to inform you that your Apple Account ... has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

That or its ilk is the classic start of virtually every phishing attempt coming down the pipe/pike. Usually it's "from" a bank or email service.

In case it isn't obvious, you should delete tout de suite all such e-messages as your only response to same ... or be beholden to some Nigerian prince.

Under any doubtful circumstances a call to Apple or to your bank or email service provider should dispel lingering doubts. (Just be prepared to get in a queue. Bring a comforting beverage.)
Posted By: jchuzi Re: This is a fake message from Apple, right? - 08/16/14 06:11 PM
Log into your Apple account in the normal way. DO NOT CLICK ON A LINK IN THAT EMAIL! When (not if) you are successful, you know that the message is a fake (but you already know that, right?).
Posted By: tacit Re: This is a fake message from Apple, right? - 08/16/14 09:19 PM
Yes, this is a fake "phishing" email. I get about 5 of these a month.
How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.


A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link. The presence of that phrase in an email message is proof, in and of itself, that the message is bogus.

It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.

Quote:
A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link.

Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.
Posted By: jchuzi Re: This is a fake message from Apple, right? - 08/17/14 09:58 AM
Originally Posted By: dkmarsh
Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.
The same for Entourage.
Ditto for Thunderbird and for Gmail in Firefox.
Posted By: tacit Re: This is a fake message from Apple, right? - 08/17/14 07:59 PM
Originally Posted By: ganbustein
It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.


Interestingly, a recent study of Nigerian 419 fraud emails suggests the typos and poor English are deliberate. They want to weed out people who will respond but then later back out, thereby wasting their time; their preference is for people who respond to be gullible and poorly educated (and so less likely to twig on to the fact that something's fishy), and the poor spelling/grammar acts as an early filter.

I wonder if there's something similar going on with phish emails--a better educated victim is more likely, after responding to such an email, to realize something's wrong and change passwords (thus contaminating the phisher's results with non-working passwords) or, worse yet, realize he's been taken and track down the Web host of the phish.
I also check the address it came from, make sure the domain is legitimate. Also, if you hover over a link, it will give you the address where you are being led, usually a very bad place...
Posted By: tacit Re: This is a fake message from Apple, right? - 08/18/14 05:54 AM
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address, or billgates@microsoft.com, or security@apple.com, or god@heaven.trumpets, or anything else I like. It should never be relied on to validate an email.
Posted By: ryck Re: This is a fake message from Apple, right? - 08/20/14 08:38 AM
Originally Posted By: tacit
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address …. or anything else I like.

I've received a few emails like that…purporting to be from people I know.

In one case it was done very cleverly. It looked like it was from a friend in another city and opened with the question "What do you think of this?", then signed off with his first name. It was linked to one of those "get rich quick" sites that advertise high wages for little work.

When I called the friend, he had no idea what it was about.

I assume that whoever copped his email address also took a look through his organizer.
Originally Posted By: ryck
I assume that whoever copped his email address also took a look through his organizer.

The scammer may not have "…took a look through his organizer" and in fact the data may have been — even most likely was — obtained from a virus-infected third party computer. Just because an email appears to come from a given source, seldom reveals the actual source. This is "old school" scamming technology that has been around for at least ten or fifteen or more years. Even documents on an infected computer can be harvested for email addresses and associated sender/receiver pairs.
I guess a very sophisticated phish could look like it came from the actual microsoft.com domain. I have my email set to always show the header. Usually, the domain kinda sounds like a known one, but is a subtle, or not-so-subtle, variation of that. Once, I got an email with the domain from a real sheriff's office in FLA. You know, someone stranded in Europe, wire me money to get home and I will ABSOLUTELY pay you when I get back. Problem was, the cc instead of the bcc field was used and I could see my email was part of an alphabetical list. So, I called the Sheriff's Office in FLA and spoke to the sheriff. Turns out it was some serious mischief by his son.
Posted By: tacit Re: This is a fake message from Apple, right? - 08/21/14 04:40 AM
It's not necessary to hack someone's email to send a message with that "from" address.

When you set up an email account, there's a space for you to type in your email address. You can type anything you want in that space--it's not checked or validated. So for example I could set up Mail.app to use an email provider, only where it says "your email address," I could type "william.gates@admin.microsoft.com" and that's what would show up in the From: field. I wouldn't need to get access to Bill Gates' email account to send email with his From: address.
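Because the From: field is free text, a header check has to look at more than the address shown. The following is an added example, not part of the original thread: it flags a brand name in the display name that does not match the address domain, a Reply-To on a different domain, and a From: domain that the receiving server did not authenticate. It assumes the recipient's mail server stamps an `Authentication-Results` header; `mx.example.net` is a hypothetical name for that server, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages. The first reuses the From/Reply-To/Subject quoted in the
# thread; mx.example.net and every Authentication-Results line are made up.
PAGE_STYLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=icloudsafetyteam.co.uk
From: Apple <secure@icloudsafetyteam.co.uk>
Reply-To: secure@icloudsafetyteam.co.uk
Subject: Apple ID Temporarily Locked

body
"""
FORGED_FROM = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=apple.com; dmarc=fail header.from=apple.com
Authentication-Results: sender.example.invalid; dmarc=pass header.from=apple.com
From: Apple <security@apple.com>
Subject: Apple ID Temporarily Locked

body
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """method -> result, read only from headers stamped by our own server."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == trusted_authserv:
            out.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return out

def assess(raw, brand, brand_domain, trusted_authserv):
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0]
    from_dom, reply_dom = domain(msg.get("From")), domain(msg.get("Reply-To"))
    in_brand = from_dom == brand_domain or from_dom.endswith("." + brand_domain)
    flags = []
    if brand.lower() in name.lower() and not in_brand:
        flags.append("display-name-mismatch")   # name says Apple, domain does not
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs")
    if in_brand and auth_results(msg, trusted_authserv).get("dmarc") != "pass":
        flags.append("from-domain-unauthenticated")  # From: typed in, not proven
    return flags
```

The second sample carries an extra `Authentication-Results` line claiming `dmarc=pass`; it is ignored because it was not stamped by the trusted server, which is why the header's server name has to be checked before its verdict is believed.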
Posted By: ryck Re: This is a fake message from Apple, right? - 08/21/14 09:29 AM
Originally Posted By: tacit
I wouldn't need to get access to Bill Gates' email account to send email with his From: address.

….which I assume would explain why I was once advised that forwarding the emails to authorities is not overly helpful unless the headers are expanded.

I now have a standard procedure whenever I receive any kind of phishing message. I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.
Quote:
I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.


That's what I was talking about. Except I use 'show headers' all the time. It's a way of documenting emails as real if they are printed afterwards.
Posted By: ryck Re: This is a fake message from Apple, right? - 08/21/14 03:32 PM
Originally Posted By: slolerner
That's what I was talking about. Except I use 'show headers' all the time.

I got that part. It just wasn't clear to me that you then forward the emails to the people who use the data to trace the source and deal with the offenders.
Posted By: tacit Re: This is a fake message from Apple, right? - 08/21/14 09:47 PM
One thing you can do is create a free account at spamcop.net and then, whenever you get one of these emails, copy the link from the email and paste it into Spamcop. It will tell you the abuse address of the ISP that is hosting the phish Web page. Emailing them usually gets the phish page shut down pretty quick.
© FineTunedMac