Iforgot dot apple dot com Phishing Emails

Cybercriminals are getting ever more inventive in their attempts to scam and defraud people. The phishing email scam abusing the iforgot dot apple dot com page is one such example.

The clever trick used in the phishing email campaigns that attempt to abuse the iforgot Apple page is very simple, but a lot of people fail to see through it, simply because of how they are used to browsing the internet.

The phishing emails urge their victims to click on what looks like a perfectly legitimate Apple page and then enter their Apple ID and credentials, because their account has supposedly been deactivated for "security reasons".

The catch here is that iforgot dot apple dot com is a legitimate page. You can type that same URL in your browser's address bar and see the legitimate page and its valid certificate. The trick is that the link in the phishing emails only displays 'iforgot dot apple dot com' on the screen, because it is a hyperlink. A hyperlink's visible text and its destination are independent: the text can say anything, while clicking it takes you to whatever URL the sender actually set.

In this case, the phishing email only looks as though you are following a link to a legitimate Apple page. However, if you hover over it, you can see the real location the link leads to in the browser's status bar.

When you click the link, you can also see that the phishing email did not actually send you to the page it said it would. Just check your browser's address bar to discover that you have not landed on 'iforgot dot apple dot com', but on a different page, likely designed to resemble the legitimate one, but operated by the criminals.

This fake page is used to harvest the account information of victims, which then can be used for all kinds of malicious purposes.

The simplest way to avoid similar scams and phishing attempts is to always check what real URL the link will redirect you to, by hovering your mouse cursor over the link and looking at the browser's status bar. When you see a discrepancy there, or a page you don't recognize, it's always best to delete the email that contains the fake link.

September 14, 2021