An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
This is a fake message from Apple, right?
#30826 08/16/14 01:39 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
From: Apple <secure@icloudsafetyteam.co.uk>
Subject: Apple ID Temporarily Locked
Date: 16 August 2014 11:17:40 GMT+01:00
To: xx@xxxxxxxxx.com
Reply-To: secure@icloudsafetyteam.co.uk


iCloud/Apple - xx@xxxxxxxxx.com

This message is to inform you that your Apple Account (xx@xxxxxxxxx.com) has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

You won't be able to access Apple services or the iTunes & App Store until you verify your Apple Account ownership, we urge you to complete validation as soon as possible. Failure to validate your details within a 24 hours can result in termination of your Apple/iCloud Account to safeguard our system.

How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.

> Validate My Apple/iCloud Account Details

While using Apple devices and web services, you’ll still login with your main e-mail address as your Apple login.

If you have questions and need support, please see the Apple ID Support site.

Sincerely,
Apple UK Support

Case Support ID: #I10BA61914-ID9

(our email address x-d out by me for this post)
We hardly ever use Apple ID, do not use iCloud, only interact with them on iTunes and that rarely.

I think it's phishing from this quick Google search:
http://myonlinesecurity.co.uk/spoofed-apple-your-apple-id-has-been-suspended-815268-phishing/

Re: This is a fake message from Apple, right?
Bensheim #30827 08/16/14 02:27 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
This message is to inform you that your Apple Account ... has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

That or its ilk is the classic start of virtually every phishing attempt coming down the pipe/pike. Usually it's "from" a bank or email service.

In case it isn't obvious, you should delete tout de suite all such e-messages as your only response to same ... or be beholden to some Nigerian prince. tongue smirk

Under any doubtful circumstances a call to Apple or to your bank or email service provider should dispel lingering doubts. (Just be prepared to get in a queue. Bring a comforting beverage.)

Re: This is a fake message from Apple, right?
Bensheim #30830 08/16/14 06:11 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Log into your Apple account in the normal way. DO NOT ClICK ON A LINK IN THAT EMAIL! When (not if) you are successful, you know that the message is a fake (but you already know that, right?).


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: This is a fake message from Apple, right?
Bensheim #30832 08/16/14 09:19 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Yes, this is a fake "phishing" email. I get about 5 of these a month.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: This is a fake message from Apple, right?
Bensheim #30833 08/16/14 10:30 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.


A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link. The presence of that phrase in an email message is proof, in and of itself, that the message is bogus.

It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.

Re: This is a fake message from Apple, right?
ganbustein #30836 08/17/14 12:11 AM
Joined: Aug 2009
Likes: 3
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 3

Quote:
A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link.

Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.



dkmarsh—member, FineTunedMac Co-op Board of Directors
Re: This is a fake message from Apple, right?
dkmarsh #30837 08/17/14 09:58 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted By: dkmarsh
Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.
The same for Entourage.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: This is a fake message from Apple, right?
dkmarsh #30838 08/17/14 12:25 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
Ditto for Thunderbird and for Gmail in Firefox.

Re: This is a fake message from Apple, right?
ganbustein #30839 08/17/14 07:59 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: ganbustein
It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.


Interestingly, a recent study of Nigerian 419 fraud emails suggests the typos and poor English are deliberate. They want to weed out people who will respond but then later back out, thereby wasting their time; their preference is for people who respond to be gullible and poorly educated (and so less likely to twig on to the fact that something's fishy), and the poor spelling/grammar acts as an early filter.

I wonder if there's something similar going on with phish emails--a better educated victim is more likely, after responding to such an email, to realize something's wrong and change passwords (thus contaminating the phisher's results with non-working passwords) or, worse yet, realize he's been taken and track down the Web host of the phish.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: This is a fake message from Apple, right?
tacit #30841 08/17/14 11:59 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
I also check the address it came from, make sure the domain is legitimate. Also, if you hover over a link, it will give you the address where you are being led, usually a very bad place...

Re: This is a fake message from Apple, right?
slolerner #30846 08/18/14 05:54 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address, or billgates@microsoft.com, or security@apple.com, or god@heaven.trumpets, or anything else I like. It should never be relied on to validate an email.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: This is a fake message from Apple, right?
tacit #30858 08/20/14 08:38 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: tacit
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address …. or anything else I like.

I've received a few emails like that…purporting to be from people I know.

In one case it was done very cleverly. It looked like it was from a friend in another city and opened with the question "What do you think of this?", then signed off with his first name. It was linked to one of those "get rich quick" sites that advertise high wages for little work.

When I called the friend, he had no idea what it was about.

I assume that whoever copped his email address also took a look through his organizer.

Last edited by ryck; 08/20/14 08:39 AM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: This is a fake message from Apple, right?
ryck #30859 08/20/14 11:55 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: ryck
I assume that whoever copped his email address also took a look through his organizer.

The scammer may not have "…took a look through his organizer" and in fact the data may have been — even most likely was — obtained the from a virus infected third party computer. Just because an email appears to come from a given source, seldom reveals the actual source. This is "old school" scamming technology that has been around for at least ten or fifteen or more years. Even documents on an infected computer can be harvested for email addresses and associated sender/receiver pairs.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: This is a fake message from Apple, right?
tacit #30860 08/20/14 12:45 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
I guess a very sophisticated phish could look like it came from the actual microsoft.com domain. I have my email set to always show the header. Usually, the domain kinda sounds like a known one, but is a subtle, or not-so-subtle, variation of that. Once, I got an email with the domain from a real sheriff's office in FLA. You know, someone stranded in Europe, wire me money to get home and I will ABSOLUTELY pay you when I get back. Problem was, the cc instead of the bcc field was used and I could see my email was part of an alphabetical list. So, I called the Sheriff's Office in FLA and spoke to the sheriff. Turns out it was some serious mischief by his son.

Re: This is a fake message from Apple, right?
ryck #30880 08/21/14 04:40 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
It's not necessary to hack someone's email to send a message with that "from" address.

When you set up an email account, there's a space for you to type in your email address. You can type anything you want in that space--it's not checked or validated. So for example I could set up Mail.app to use an email provider, only where it says "your email address," I could type "william.gates@admin.microsoft.com" and that's what would show up in the From: field. I wouldn't need to get access to Bill Gates' email account to send email with his From: address.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: This is a fake message from Apple, right?
tacit #30882 08/21/14 09:29 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: tacit
I wouldn't need to get access to Bill Gates' email account to send email with his From: address.

….which I assume would explain why I was once advised that forwarding the emails to authorities is not overly helpful unless the headers are expanded.

I now have a standard procedure whenever I receive any kind of phishing message. I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: This is a fake message from Apple, right?
ryck #30883 08/21/14 12:04 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Quote:
I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.


That's what I was talking about. Except I use 'show headers' all the time. it's a way of documenting emails as real if they are printed afterwards.

Re: This is a fake message from Apple, right?
slolerner #30886 08/21/14 03:32 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: slolerner
That's what I was talking about. Except I use 'show headers' all the time.

I got that part. It just wasn't clear to me that you then forward the emails to the people who use the data to trace the source and deal with the offenders.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: This is a fake message from Apple, right?
ryck #30898 08/21/14 09:47 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
One thing you can do is create a free account at spamcop.net and then, whenever you get one of these emails, copy the link from the email and paste it into Spamcop. It will tell you the abuse address of the ISP that is hosting the phish Web page. Emailing them usually gets the phish page shut down pretty quick.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.037s Queries: 52 (0.028s) Memory: 0.6732 MB (Peak: 0.8066 MB) Data Comp: Zlib Server Time: 2024-03-28 16:13:42 UTC
Valid HTML 5 and Valid CSS