What Do Apple Phishing Emails Look like in 2018 and What to Do If You Get One?
In February, Apple announced that there are 1.3 billion active devices that have the bitten forbidden fruit on them. Even after taking into account the fact that some people own more than one Apple device, this is still a huge number of users who have AppleIDs, passwords, credit cards, and other personal information. How can the crooks get to that data?
They could try tricking users into installing keyloggers, but that's not terribly easy, especially in the closed MacOS and iOS ecosystems. It's much easier to just phish the data.
What is phishing?
Some people tend to refer to virtually all malicious emails as phishing emails, but in the more traditional sense of the word, phishing is a very specific type of cyberattack. The idea is that scammers impersonate a service provider like Apple, and they try to convince you that you need to log in to your account for some reason. There is a direct "Click here to log in" link, and there's always a sense of urgency (e.g., some suspicious activity has supposedly been spotted from your account).
The link leads you to a web page that usually looks like the real Apple login page but is actually a fake set up and controlled by the phishers. Because you're in a hurry to see if everything's okay with your account, you fail to notice that you're not where you're supposed to be, and you enter your login credentials (as well as your credit card details in some cases). The data is, of course, sent the crooks' way.
What do Apple phishing emails look like?
Phishers come in all shapes and sizes, and they're spread all over the world. Predictably, some are more sophisticated than others. The gap between the most carefully thought through attacks and the most rudimentary ones is actually fairly huge, and this becomes apparent when you take a look at a couple of examples of phishing emails. Here's the first one:
Oh no! Hacked I was for apple money payment confirm I have to! pic.twitter.com/kDyRlo59y5
— GrandKeys? (@GrandKeysStream) May 14, 2018
It shouldn't be too difficult to spot that something with the email from the screenshot is not quite right. The fact that the user's name isn't mentioned is suspicious at best, and the Nigerian Prince grammar is a dead giveaway. Despite the obvious errors, there are people falling for these types of scams. On the whole, however, campaigns like the one above tend to be short-lived, and the number of victims is usually relatively small. Other phishing attacks work on a much larger scale and are miles more sophisticated, though.
Recently, Trend Micro uncovered such an attack targeting Apple users. The European Union's GDPR is looming which means that big tech companies like Apple are changing their Privacy Policies at the moment. As a result, you are likely to find some emails from some of the service providers you're using in your inbox.
The phishers timed their campaign to coincide with these changes which increases the chances of users falling for the scam. Their emails had no grammatical errors, they were crafted carefully, and the fake login page looked identical to the real thing. In addition to all this, the crooks put in place a few other mechanisms to evade security products and anti-phishing filters.
The two examples we showed you prove that phishing attacks can be simple, sophisticated, and everything in between. They should never be underestimated.
How to avoid getting phished?
Many people are convinced that they can't possibly fall victim to a phishing scam. They tend to have a change of heart when they inadvertently divulge sensitive information to the crooks. The truth is, staying out of the phishers' nets isn't impossible. You just need to be a bit more careful when you go online. Here are a couple of things you can do.
- Keep your eyes peeled. Sometimes, you expect to receive email correspondence from your service provider, and sometimes, you don't. If you find an unexpected message in your inbox, treat it with extreme caution. Carefully check who is sending you the email and take a closer look at the address bar of your browser. Apple won't communicate with you from a Gmail account, and as a general rule, the green padlock to the left of the URL should always be present when you're entering usernames, passwords, and other sensitive information. If the email isn't coming from an @apple.com address, delete it immediately. If there's no https:// at the beginning of the URL, close the browser and don't look back.
- Don't trust the emails in your inbox. It's not the easiest thing to pull off, but the sender's email address can be spoofed, and phishers, especially the more sophisticated ones, have a few tricks up their sleeves that can make a fake URL look legitimate. The upshot is, even your eyes might not be entirely trustworthy sometimes. If you do think that something might be wrong with your Apple account, navigate to the login page manually, and don't follow any links in the email. It really is the only way of ensuring that you go where you want to go.
Phishing attacks evolved quite a bit over the last few years, and so did the products designed to protect us from them. Nevertheless, vigilance is still essential when you're doing your everyday online tasks.