There seems to have been a rise in bad email specifically targeting AppleID accounts.

Usually the email is attempting to get you to enter your AppleID and password. 

I've seen 3 of these in the past two weeks and others are reporting similar concerns.

Generally the email takes one of two formats:
- something is wrong with your AppleID account - just log in to fix it
- something "odd" has been purchased on your AppleID - just log in to verify the purchase

For example, one email indicated that "your AppleID has been used to purchase 'Game of Thrones' from an unusual location".

Whatever the format or claim, following the suggested links and entering your AppleID and password to verify or correct the information can lead to unintended exposure of your account information.

There are some things you can do to verify that the email is not a valid Apple Inc. notification, to slightly reduce your overall exposure, and to report the problem to Apple.

1) reporting the problem to Apple Inc. so they can take some action is quite simple: forward the message to the appropriate Apple email address:
a) open the original email message in MAIL
b) select VIEW > MESSAGE > RAW SOURCE
c) select all and copy the entire RAW SOURCE of the message
d) FILE > NEW MESSAGE addressed to phishing@apple.com
e) Write a brief subject indicating a PHISHING attempt and describing how you received the original message
f) paste in the RAW SOURCE you'd copied earlier and hit SEND
- this RAW SOURCE allows Apple to examine all of the email server paths and "hidden" links that the original message may have contained


2) verifying that the original message is not legitimate: examine the RAW SOURCE you'd selected earlier. Within it you will probably find many legitimate Apple links such as "http://euro.apple.com" or "http://iforgot.apple.com". You will probably also see a few very odd links which have nothing to do with Apple Inc. These could be any domains such as:
http://elmnitasdevigo
http://fsioterapiasantarita

...just odd (perhaps already compromised) web addresses which seem to have no connection to "apple.com". One sure indicator that something phishy is happening is the presence of non-Apple links in a message supposedly originating at Apple. Apple rarely if ever does that.

3) reducing potential of exposure: one simple step you can take to help reduce your exposure profile through email is to deselect "Load remote content in messages"
a) MAIL > PREFERENCES > VIEWING
b) uncheck/deselect LOAD REMOTE CONTENT IN MESSAGES if it is checked
- if this option is checked and the sender includes a graphic in the email message, when you open the message in MAIL, this can be an automatic indication to the sender that your email address is "alive"/someone is actually using the address. Just the fact that your mail package requested the graphic can trigger a confirmation to the sender.

If you deselect this option, graphics are not loaded automatically but can be loaded manually within the email message as you read it. You'll see a "LOAD REMOTE CONTENT" button in the top-right of your email message.

Deselecting this option gives you an opportunity to scan your email message first before loading the graphics, allowing you to screen out any suspect email messages.

This is not a guarantee that your email address will be 100% safe. It does, however, reduce the chances of an accidental confirmation/exposure relating to your email account via this "load a graphic" mechanism.
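
The link check described in step 2 can be automated. The following is an added example, not part of the original message: a Python script that reads a message's RAW SOURCE and lists every link host that is not under apple.com. The trusted-domain list, the function names and the sample message (with its `.example` hosts) are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("apple.com",)  # assumption: the only domain accepted as genuinely Apple

# Constructed sample RAW SOURCE; the .example hosts are placeholders, not real indicators.
SAMPLE = """\
From: "Apple" <noreply@billing.example>
Subject: Your Apple ID was used for a purchase
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://euro.apple.com/logo.png">
<a href="http://iforgot.apple.com">Forgot your password?</a>
<a href="http://apple.com.verify-login.example/id">Verify the purchase</a>
<a href="http://compromised-site.example/apple/">Cancel</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect every URL found in href, src or action attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)

def is_trusted(host):
    # Match the domain itself or a true subdomain; "apple.com.evil.example" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(raw_source):
    """Return the hosts of http(s) links in the HTML parts that are not trusted."""
    msg = email.message_from_string(raw_source, policy=policy.default)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    parsed = [urlsplit(u) for u in collector.urls]
    return [p.hostname for p in parsed if p.scheme in ("http", "https") and not is_trusted(p.hostname)]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Matching on the end of the host name rather than searching for the string "apple.com" anywhere in the link is what catches look-alike hosts such as the third link in the sample.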


I hope you find this information to be useful.

Please feel free to email questions or concerns you may have.

Thanks,
Wayne Billing
Classroom Technology Support
Audio Visual and Classroom Technology Support
Computer and Network Support
130 Machray Hall Building
204-474-6649
204-807-3153 (cell)
204-474-7625 (fax)
Wayne_Billing@umanitoba.ca