Here’s another scam email that arrived in my inbox this morning, this time attempting to gain access to my Apple iCloud account.
You may recall the news sensation from August when a large number of nude photos of celebrities were taken from their iCloud accounts and posted publicly online. It turned out that these images were obtained by hackers using a targeted attack to extract account information, that is, their Apple ID and password.
As we’ve seen in similar incidents, these types of email phishing attempts are often launched from non-western countries and as such, almost always contain incorrect grammar or spelling mistakes that give the game away. Read More »
This Paypal email scam is another dangerous one that relies on your instant emotional reaction. If you have a PayPal account you are probably accustomed to receiving this sort of email each time you use your account to purchase something online.
Hovering over the “click here” link reveals it will not be sent to PayPal but some other address
First impressions count
The thought process that quickly runs through your head after receiving an email like this is usually something like the following: Read More »
Watch out for more scam emails. Here’s one I received this morning pretending to be from Apple.
You’ll need to update your apple account
It appears I have been logged out of my apple account and to get back in I need to update my account. Hmmm…my “apple” account? I think they mean my “Apple” account.
Lets have a closer look at the contents of the email:
Don’t take the bait! Hover first
The unsuspecting recipient of this email would click on the ‘Update Now’ link, be taken to the scammer’s website, which probably looks identical to the Apple website, and enter their Apple ID and password.
By hovering the mouse cursor over the “Update now” link we can determine where the link would take us without actually clicking it. Doing so on this email reveals that the link doesn’t lead to www.apple.com. Instead, our browser would load up the intruder’s domain – www.gaminges.com, and to a javascript (“js”) folder. Potentially nasty.
Hovering over the link pops up the destination URL.
Identifying the sender
We can also determine who the sender is. Just click on the little downward pointing arrow to the right of the sender’s name and a drop down menu appears. And look at that – the sender’s domain is not apple.com but iapple.com.
Note that the domain of the sender is iapple.com
Dear Costumer, please update your account informations.
Though I do enjoy dressing up occasionally, I don’t think that is what the author of this email intended. Nor did they realise that the plural of “information” is… “information”.
Be on the lookout for emails like this arriving in your inbox. One day these scammers will learn proper grammar, making it less obvious.
Always remember though, don’t click on links without hovering over them to check them out first.
Some email scams are obvious, others are not. The best ones (or worst ones, rather) are those that take advantage of familiarity to trick you into clicking on them.
You have a new personal message
I recently received a email with the familiar Facebook colour scheme and layout. I noticed that the sender was not “Facebook” but was from some stranger, “Ava”.
The subject heading of the email read:
You have unread messages that will be deleted in a few days
Beware of emails pretending to be from YouTube. I’ve received a few variations notifying me that my video has been approved or that I’ve received a personal message. It includes a link to your new video or a link to what looks like your inbox but it is in fact a third party website. Read More »