An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#30826 - 08/16/14 06:39 AM This is a fake message from Apple, right?
Bensheim Offline


Registered: 08/16/09
Loc: UK
From: Apple <secure@icloudsafetyteam.co.uk>
Subject: Apple ID Temporarily Locked
Date: 16 August 2014 11:17:40 GMT+01:00
To: xx@xxxxxxxxx.com
Reply-To: secure@icloudsafetyteam.co.uk


iCloud/Apple - xx@xxxxxxxxx.com

This message is to inform you that your Apple Account (xx@xxxxxxxxx.com) has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

You won't be able to access Apple services or the iTunes & App Store until you verify your Apple Account ownership, we urge you to complete validation as soon as possible. Failure to validate your details within a 24 hours can result in termination of your Apple/iCloud Account to safeguard our system.

How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.

> Validate My Apple/iCloud Account Details

While using Apple devices and web services, you’ll still login with your main e-mail address as your Apple login.

If you have questions and need support, please see the Apple ID Support site.

Sincerely,
Apple UK Support

Case Support ID: #I10BA61914-ID9

(our email address x-d out by me for this post)
We hardly ever use Apple ID, do not use iCloud, only interact with them on iTunes and that rarely.

I think it's phishing from this quick Google search:
http://myonlinesecurity.co.uk/spoofed-apple-your-apple-id-has-been-suspended-815268-phishing/

Top
#30827 - 08/16/14 07:27 AM Re: This is a fake message from Apple, right? [Re: Bensheim]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
This message is to inform you that your Apple Account ... has been temporarily locked until you can validate your Apple ID details on file. This is a security measure to protect your iCloud Account from unapproved use. We apologise for the inconvenience.

That or its ilk is the classic start of virtually every phishing attempt coming down the pipe/pike. Usually it's "from" a bank or email service.

In case it isn't obvious, you should delete tout de suite all such e-messages as your only response to same ... or be beholden to some Nigerian prince. tongue smirk

Under any doubtful circumstances a call to Apple or to your bank or email service provider should dispel lingering doubts. (Just be prepared to get in a queue. Bring a comforting beverage.)

Top
#30830 - 08/16/14 11:11 AM Re: This is a fake message from Apple, right? [Re: Bensheim]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
Log into your Apple account in the normal way. DO NOT ClICK ON A LINK IN THAT EMAIL! When (not if) you are successful, you know that the message is a fake (but you already know that, right?).
_________________________
Jon

OS 10.14.4, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#30832 - 08/16/14 02:19 PM Re: This is a fake message from Apple, right? [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Yes, this is a fake "phishing" email. I get about 5 of these a month.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30833 - 08/16/14 03:30 PM Re: This is a fake message from Apple, right? [Re: Bensheim]
ganbustein Offline


Registered: 08/04/09
How do I validate my Apple Account and unsuspended my Apple ID?
Just proceed to the link below to verify your ID. Login in using your Apple ID and password, then follow the prompts.


A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link. The presence of that phrase in an email message is proof, in and of itself, that the message is bogus.

It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.

Top
#30836 - 08/16/14 05:11 PM Re: This is a fake message from Apple, right? [Re: ganbustein]
dkmarsh Offline
Moderator

Registered: 08/04/09

Quote:
A message from Apple (or any other security-conscious business) would never ask you to log in by clicking a link.

Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

Top
#30837 - 08/17/14 02:58 AM Re: This is a fake message from Apple, right? [Re: dkmarsh]
jchuzi Offline


Registered: 08/04/09
Loc: New York State
Originally Posted By: dkmarsh
Not to mention the fact that the provenance of any such link—in Mail.app, at least—can easily be determined simply by hovering over it, whereupon the actual target URL will be revealed, tool-tip style.
The same for Entourage.
_________________________
Jon

OS 10.14.4, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#30838 - 08/17/14 05:25 AM Re: This is a fake message from Apple, right? [Re: dkmarsh]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Ditto for Thunderbird and for Gmail in Firefox.

Top
#30839 - 08/17/14 12:59 PM Re: This is a fake message from Apple, right? [Re: ganbustein]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: ganbustein
It is not even necessary to notice that Apple would know how to spell unsuspend (even if their built-in spell checker does not). Nor that Apple would know that login is a noun; the corresponding verb is log in (two words). Spelling errors, grammatical errors, and typos are indicative of writers who would rather make a fast buck than an honest one.


Interestingly, a recent study of Nigerian 419 fraud emails suggests the typos and poor English are deliberate. They want to weed out people who will respond but then later back out, thereby wasting their time; their preference is for people who respond to be gullible and poorly educated (and so less likely to twig on to the fact that something's fishy), and the poor spelling/grammar acts as an early filter.

I wonder if there's something similar going on with phish emails--a better educated victim is more likely, after responding to such an email, to realize something's wrong and change passwords (thus contaminating the phisher's results with non-working passwords) or, worse yet, realize he's been taken and track down the Web host of the phish.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30841 - 08/17/14 04:59 PM Re: This is a fake message from Apple, right? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I also check the address it came from, make sure the domain is legitimate. Also, if you hover over a link, it will give you the address where you are being led, usually a very bad place...

Top
#30846 - 08/17/14 10:54 PM Re: This is a fake message from Apple, right? [Re: slolerner]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address, or billgates@microsoft.com, or security@apple.com, or god@heaven.trumpets, or anything else I like. It should never be relied on to validate an email.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30858 - 08/20/14 01:38 AM Re: This is a fake message from Apple, right? [Re: tacit]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: tacit
The address it came from is utterly meaningless. I can send you email with a "from" address of anything I want--your own address …. or anything else I like.

I've received a few emails like that…purporting to be from people I know.

In one case it was done very cleverly. It looked like it was from a friend in another city and opened with the question "What do you think of this?", then signed off with his first name. It was linked to one of those "get rich quick" sites that advertise high wages for little work.

When I called the friend, he had no idea what it was about.

I assume that whoever copped his email address also took a look through his organizer.


Edited by ryck (08/20/14 01:39 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#30859 - 08/20/14 04:55 AM Re: This is a fake message from Apple, right? [Re: ryck]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: ryck
I assume that whoever copped his email address also took a look through his organizer.

The scammer may not have "…took a look through his organizer" and in fact the data may have been — even most likely was — obtained the from a virus infected third party computer. Just because an email appears to come from a given source, seldom reveals the actual source. This is "old school" scamming technology that has been around for at least ten or fifteen or more years. Even documents on an infected computer can be harvested for email addresses and associated sender/receiver pairs.
_________________________
joemikeb • moderator

Top
#30860 - 08/20/14 05:45 AM Re: This is a fake message from Apple, right? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I guess a very sophisticated phish could look like it came from the actual microsoft.com domain. I have my email set to always show the header. Usually, the domain kinda sounds like a known one, but is a subtle, or not-so-subtle, variation of that. Once, I got an email with the domain from a real sheriff's office in FLA. You know, someone stranded in Europe, wire me money to get home and I will ABSOLUTELY pay you when I get back. Problem was, the cc instead of the bcc field was used and I could see my email was part of an alphabetical list. So, I called the Sheriff's Office in FLA and spoke to the sheriff. Turns out it was some serious mischief by his son.

Top
#30880 - 08/20/14 09:40 PM Re: This is a fake message from Apple, right? [Re: ryck]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
It's not necessary to hack someone's email to send a message with that "from" address.

When you set up an email account, there's a space for you to type in your email address. You can type anything you want in that space--it's not checked or validated. So for example I could set up Mail.app to use an email provider, only where it says "your email address," I could type "william.gates@admin.microsoft.com" and that's what would show up in the From: field. I wouldn't need to get access to Bill Gates' email account to send email with his From: address.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#30882 - 08/21/14 02:29 AM Re: This is a fake message from Apple, right? [Re: tacit]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: tacit
I wouldn't need to get access to Bill Gates' email account to send email with his From: address.

….which I assume would explain why I was once advised that forwarding the emails to authorities is not overly helpful unless the headers are expanded.

I now have a standard procedure whenever I receive any kind of phishing message. I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#30883 - 08/21/14 05:04 AM Re: This is a fake message from Apple, right? [Re: ryck]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Quote:
I use Apple mail and go to View>Message and select "All Headers". Then the email is forwarded to the people at my ISP who deal with this stuff. If the mail has purported to be from a company, such as a bank, it is also forwarded to that company's fraud department.


That's what I was talking about. Except I use 'show headers' all the time. it's a way of documenting emails as real if they are printed afterwards.

Top
#30886 - 08/21/14 08:32 AM Re: This is a fake message from Apple, right? [Re: slolerner]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: slolerner
That's what I was talking about. Except I use 'show headers' all the time.

I got that part. It just wasn't clear to me that you then forward the emails to the people who use the data to trace the source and deal with the offenders.
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#30898 - 08/21/14 02:47 PM Re: This is a fake message from Apple, right? [Re: ryck]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
One thing you can do is create a free account at spamcop.net and then, whenever you get one of these emails, copy the link from the email and paste it into Spamcop. It will tell you the abuse address of the ISP that is hosting the phish Web page. Emailing them usually gets the phish page shut down pretty quick.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top

Moderator:  alternaut, dianne, MacManiac