Anyone with an Apple device probably knows something about the ubiquitous Apple ID. After managing a few iOS devices here in ESSD Tech Central, I (along with the Mobile Device Manager) have seen a few email communications from Apple over Apple IDs. Familiarity with these official communications is not necessarily needed to detect when something phishy is going on.
Phishing is a social engineering technique used by people who are not good friends to trick you into divulging personal information. (See this edition of the SANS OUCH! Newsletter for more information about e-mail phishing and scams.)
With a cursory reading of this email I received today that looked official, I spotted several items that smelled funny.
1. The sender claims to know my Apple ID is locked, so why not address me by the name under which I registered the Apple ID?
2. Who must reply? The email? I diagrammed enough sentences in Mrs. Hobbs’ 8th grade English class to deduce that this sentence is indicating the message must reply. How can that happen?
3. Wow! A massive run-on sentence masquerading as a paragraph. The NSA should flag this email on bad grammar alone.
4. Don’t let a slow Internet connection (or school content filter) stop you from clicking on our phishing link.
5. Hovering over this link with the mouse cursor reveals a shortened URL, which is highly suspicious when present in an unsolicited communication.
6. These are legitimate links, probably included to add a sense of authenticity to the email.
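
The hover check from items 5 and 6 can be automated for a mail filter or a reported-phish triage queue. The following is an added example, not part of the original post: the shortener list, the brand domain list, and the sample HTML body are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short illustrative list of well-known URL shorteners, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}
# Assumption: domains the claimed sender (Apple) would legitimately link to.
BRAND_DOMAINS = {"apple.com", "icloud.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def review_links(html_body):
    """Return (href, reason) findings for links that deserve a closer look."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = host_of(href)
        if not host:  # mailto:, in-page anchors, empty href
            continue
        if host in SHORTENERS:
            findings.append((href, "shortened URL hides the destination"))
        elif not any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
            findings.append((href, "destination is not a sender-brand domain"))
        # Heuristic: link text that looks like a hostname but differs from the href host.
        if "." in text and " " not in text:
            shown = host_of(text if "://" in text else "http://" + text)
            if shown and shown != host:
                findings.append((href, f"text shows {shown}, link goes to {host}"))
    return findings

# Constructed sample body modeled on the items above (not the email from the post).
SAMPLE = ('<p>Dear Customer, your Apple ID is locked.</p>\n'
          '<a href="http://bit.ly/EXAMPLE">Verify Now</a>\n'
          '<a href="https://www.apple.com/privacy/">Privacy Policy</a>\n'
          '<a href="http://bit.ly/EXAMPLE">appleid.apple.com</a>')
```

Calling `review_links(SAMPLE)` flags both shortened links and the mismatched link text, while the genuine apple.com link passes, which is exactly why legitimate links alone say nothing about the rest of the message.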