Thursday, August 22, 2013

Something Fishy Going On


Anyone with an Apple device probably knows something about the ubiquitous Apple ID.  After managing a few iOS devices here in ESSD Tech Central, I (along with the Mobile Device Manager) have seen a few email communications from Apple over Apple IDs.  Familiarity with these official communications is not necessarily needed to detect when something phishy is going on.

Phishing is a social engineering technique used by people who are not good friends to trick you into divulging personal information.  (See this edition of the SANS OUCH! Newsletter for more information about e-mail phishing and scams.)

With a cursory reading of this email I received today that looked official, I spotted several items that smelled funny. 

1.  The sender claims to know my Apple ID is locked, so why not address me by the name under which I registered the Apple ID?
2.  Who must reply?  The email?  I diagrammed enough sentences in Mrs. Hobbs’ 8th grade English class to deduce that this sentence is indicating the message must reply.  How can that happen?
3.  Wow!  A massive run-on sentence masquerading as a paragraph.  The NSA should flag this email on bad grammar alone.
4.  Don’t let a slow Internet connection (or school content filter) stop you from clicking on our phishing link.
5.  Hovering over this link with the mouse cursor reveals a shortened URL, which is highly suspicious when present in an unsolicited communication.
6.  These are legitimate links probably included to add a sense of authenticity to the email.

This email and others like it have been tossed into the Junk Email filter.  If I believe a real need exists to check on my Apple ID, I can do that safely at appleid.apple.com.
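
The hover check in items 5 and 6 can also be done without a mouse. The Python below is an added example, not part of the original post: it lists every link in an HTML email body and marks which ones go through a URL shortener and which sit on the domain the sender claims to be. The shortener list, `EXPECTED_DOMAIN`, and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener hosts; extend for your environment.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
EXPECTED_DOMAIN = "apple.com"  # domain the claimed sender should link to (assumption)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    host = (urlsplit(href).hostname or "").lower()
    if host in SHORTENERS:
        return "shortened"  # real destination is hidden (item 5)
    if host == EXPECTED_DOMAIN or host.endswith("." + EXPECTED_DOMAIN):
        return "expected"   # genuine link; may only be there for show (item 6)
    return "other"          # includes lookalikes such as apple.com.example.net

def audit_links(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(text, href, classify(href)) for href, text in parser.links]

# Constructed sample body; the URLs are placeholders, not taken from the email.
SAMPLE = """<p>Your Apple ID has been locked.
<a href="http://bit.ly/EXAMPLE">Verify now</a></p>
<p><a href="https://www.apple.com/privacy/">Privacy Policy</a> |
<a href="http://apple.com.example.net/login">My Apple ID</a></p>"""

if __name__ == "__main__":
    for text, href, verdict in audit_links(SAMPLE):
        print(f"{verdict:10} {text!r} -> {href}")
```

A message that mixes "expected" links with a single "shortened" or "other" link on its call-to-action is the pattern described in the list above.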

1 comment:

  1. I'm glad to see the phisher noted that it has "come to YOUR attention" instead of "OUR attention" too.
