Security is of the utmost importance in this contemporary digital age. Phishing – the process of criminals gaining sensitive information – potentially card details, is an ever-increasing problem. Being savvy and sensible on the Internet is of crucial importance. However, it isn’t always easy to do so – especially in the case of scams which look legitimate.
Apple, one of the largest companies in the world – take pride in customer loyalty, as already discussed on this blog. However even Apple are powerless to stop criminals trying to access sensitive information. Not for the first time, I received an email, purportedly from Apple, which suggested that an order had been shipped, before the next day another was sent, supposedly after suspicious activity was detected.
However, there are several tell-tale signs that this is not legitimate. The first of all, and is a home-banker to begin with, is the simple fact I have never set up an Apple account. Although that is unusual in the modern day world. So rolling with the idea that the recipient of this email has an Apple ID, it would be normal to be scared. An order you haven’t completed? Sounds strange. A second sign could be the sender – Apple with the trademark sign, although why would Apple need to include this? Let’s take a look at the first email, suggesting an order has been shipped.
Unlike the majority of phishing emails, this is a very legitimate effort. The order suggests I have made a purchase for $75.22. As I reside in the United Kingdom, this would be an unusual currency to purchase with. However, perhaps the user thinks, hey, Apple is an American company, this makes sense. The blocked out parts are simply my email address, which generally is different to an Apple ID, another sign this is a scam. At the bottom of the email:
Now, again the information provided all looks good, even professional. As the email correctly states, Apple is Luxembourg-registered, while that is a story for another day, it is still true. Now, the user who feels they haven’t made this purchase would now head for the ‘Manage/Cancel subscription’ option. So the user clicks on the link, resulting in the following:
Again, an impressive look – the designers of this site took their time. On paper, it looks highly legitimate. A slightly worrying note is that it wasn’t picked up by Antivirus. So, the user thinks they have to cancel this order, they are in a panic, yet in the midst of this panic, they enter their details, sign in using their Apple ID, then their password. They click ‘sign in’, and lo and behold, the user has just handed over their information to criminals. This of course will lead to many more problems. Yet it is worryingly quick – all it would take is under a minute. The biggest tell-tale sign of them all is the actual URL. If you notice, the website is ‘Twisted Flow’ – the last time I checked this wasn’t the URL for Apple. So several signs all together, but all easily missed.
While this was a professional effort, the next day another email was sent. This one was about supposed ‘suspicious activity’ on my account. In an age where we are all very careful, this again would be easy to alarm anyone. However, while the first email was professional, the second email was a bit of a ‘dog’s dinner’ – a disaster. Take a look at this:
Firstly, the Apple logo is all wrong. As if that wasn’t a sign not to proceed, it is well documented Apple and other large companies don’t ever address you without you name. On this occasion, when I clocked on the link, it was sending me towards a ‘Bitly.com’ site. However fortunately, Bitly had picked up that this was a dangerous site and warned the user not to proceed.
So overall, the first email was a very good effort – it looked and sounded legitimate, and would be enough to worry the vast majority of people. While the second email wasn’t very impressive, again it would be enough to scare some users. But fortunately, there are several signs that show the user not to proceed. It is so easy to get caught out these days, but being careful is also easily done. Remember never to click on any links in these emails, and in general to be very careful with what information you are handing over. I hope these screenshots have helped in some way. While the Internet is a great place, it also has the potential to be a dark place. Thanks for reading!
(‘079’)
/MF/