iCloud logo with bandit maskHere’s another scam email that arrived in my inbox this morning, this time attempting to gain access to my Apple iCloud account.

You may recall the news sensation from August when a large number of nude photos of celebrities were taken from their iCloud accounts and posted publicly online. It turned out that these images were obtained by hackers using a targeted attack to extract account information, that is, their Apple ID and password.

As we’ve seen in similar incidents, these types of email phishing attempts are often launched from non-western countries and as such, almost always contain incorrect grammar or spelling mistakes that give the game away.

“Your Apple id Open On unauthorized Computer ✔”

Note that “id” is in lower case, the less significant “On” is given an upper case ‘O’, while the next word in the title “unauthorized” begins with a lower case ‘u’. These inconsistencies followed by the tick at the end of the subject title all indicate that this is not a legitimate email sent from Apple.

Hover over links, don’t click

As usual, hovering over the link behind the words “Check Now” reveals that the link leads not to Apple, but to a domain that appears to be related to the International Christian School of Teachers.

iCloud Scam screenshot

Check the sender’s address

Just as the URL masked by the words “Check Now” can be revealed, the sender’s email address can also be viewed by clicking on the drop down arrow beside the sender’s email address:

Email sender's address

Digging deeper: Running a Whois search

Running a simple Whois search can determine who registered the domain and can provide the name, address, and contact details of the registrant.

A Whois search also provides a contact email for abuse and it is worth reporting any email phishing attempts like this one.

Always remember as a general rule: Don’t click on links in emails.

If you enjoyed this article please share it.