News: Beware of Phishing Emails from “Apple”

Posted on December 26, 2011

You may have been unpacking a new iPad or Apple TV in the last day or so, but there is a scam aiming to get your credit card information. Intego’s Mac Security Blog reports that emails have been sent out from “appleid@id.apple.com” encouraging users to update their billing information, complete with paper graphic stationery, and links at the bottom for Apple services.

Example emails are below, and Intego explains more:

If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you’ll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple’s own web pages.

Phishing emails

The easiest way to tell if an email is real or fake is to look at the tooltip for a link:

As you can see above, the URL that displays is not an apple.com address, but rather a numerical address (we’ve blurred the first part of the address). At the end of the address is a page called apple.htm, which could fool people, but that’s not what’s important. Always look at the part right after the http:// in the URL: if it’s not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it’s bogus.

Obviously, common sense applies here, as with any phishing scams, but for those who are unfamiliar with Apple’s usual emails or may be new to the world of iDevices, this is obviously another scummy scam.

This post has been filed in News