Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Developer Center Outage Sparks New Round of Phishing Attacks

E

elfxmilhouse

macrumors 6502a
Oct 15, 2008
606
144
Northeast USA
Madmic23 said:
It always amazes me how scammers can be so smart when it comes to creating fake websites, collecting data, and getting in through back doors, but are so incredibly stupid at putting together a simple sentence.
Click to expand...

they are smarter than you think.
the poor grammar and other "mistakes" are done on purpose to weed out those that are too smart to fall for scams.

edit: example from the classic nigerian scams: http://www.onthemedia.org/2012/aug/31/why-nigerian-email-scams-work/transcript/
 
A

AnonMac50

macrumors 68000
Mar 24, 2010
1,578
324
ArmCortexA8 said:
If anyone actually falls for this, they should not be a Developer. The grammar in this email is shocking. Apple don't address with "Dear Apple Customer" / Apple Don't use "to get back into your account" / Apple never use "update now" links, as Apple always shows the full link in emails / "Confirmed" should not be capitalised / Apple don't use the term "right away" / Apple don't use the term "fraudsters" (ironically the fraudsters are the one's sending these out) / And "yours sincerely, apple" - no capital A an no carriage return after "sincerely".

Oh and the the way, where's the Apple Logo?
Click to expand...

So anyone to whom English is not their first language should not be an Apple developer?
 
FirstNTenderbit

FirstNTenderbit

macrumors 6502
Jan 15, 2013
355
0
Atlanta
ArmCortexA8 said:
If anyone actually falls for this, they should not be a Developer. The grammar in this email is shocking. Apple don't address with "Dear Apple Customer" / Apple Don't use "to get back into your account" / Apple never use "update now" links, as Apple always shows the full link in emails / "Confirmed" should not be capitalised / Apple don't use the term "right away" / Apple don't use the term "fraudsters" (ironically the fraudsters are the one's sending these out) / And "yours sincerely, apple" - no capital A an no carriage return after "sincerely".

Oh and the the way, where's the Apple Logo?
Click to expand...

All of your points are absolutely correct. If this phishing attack was directed at the Dev Community then someone wasted their time. HOWEVA If it was directed at the general public, I am pretty sure someone will fall for it. Not ever Apple customer is a native English speaker. The readily apparent errors we see may not register. Hell, even native English speakers can't agree completely on what's proper English.

Go to a tech site and you will see 'Apple are' and 'Samsung don't'. Look at a legal document and you will see 'Apple is' and Samsung doesn't'. We can all be less indignant when we realize these phishing scams aren't targeted to the most sophisticated/technically savvy. They are targeted to less worldly, more naive. With that in mind it only has to be good enough to fool the targeted demographic.
 
D

donutbagel

macrumors 6502a
Jun 9, 2013
932
1
The classic two periods at the end of the sentence :p

----------
PracticalMac said:
...or someone for whom English is not a native language.
Click to expand...

Someone who also didn't use Google Translate.

----------
bacaramac said:
If a dev falls for this, they deserve to get scammed. I have also heard the poor grammer, etc is to weed out people who wouldn't fall for scam. If you continue to page and input your credentials, you will probably continue giving info like credit card, ssn, etc.
Click to expand...

What's the harm in allowing smarter users to continue to the site? Do they just not want to deal with the server load?

EDIT: The reason the article gave is this: "They need to filter out the people who might respond but wouldn’t in the end send them any money." But this is for scam emails, not an automated phishing site.
 
HiRez

HiRez

macrumors 603
Jan 6, 2004
6,250
2,576
Western US
Hilarious that Confirm is capitalized in the middle of a sentence but Apple is not. Gotta love random capitalization. Well played, idiots.

Frankly, anyone who falls for such an obviously shoddy scheme deserves it (although anyone, especially any developer, should know to never click on email links regardless).
 
KdParker

KdParker

macrumors 601
Oct 1, 2010
4,793
998
Everywhere
Um...really would like my dev site back up....love the status page, but I need to see some movement.

j/k (some what)
 
Last edited:
needfx

needfx

Suspended
Aug 10, 2010
3,931
4,247
macrumors apparently
Hi,

My name is Prince Bakou of Nigeria

I know this message will come to you as a surprise. I am the bill and exchange manager in Bank of Africa. Oh and I am prince too. I think I mentioned it. Anyhoo, I got about a gazillion dollars (that is nigerian $) I want to share with you and your family. YOur urgent assistance is required in transferring said amount to your bank account within 14 days.

Please let me know your :

Name, Surname
ID/Passport number
IBAN / Sort code
Address
Telephone/Mobile/Fax/Email/Facebook page

Hope to receive you reply soon,

Prince Bakou
Banker BON
 
Aragrist

Aragrist

macrumors newbie
Jun 7, 2011
25
3
Southern California
I like how all of us are making fun of the spelling and grammar and each of our comments are full of mistakes. Go ahead and reread all the comments. The internet and text messaging has ruined our ability to write correctly. I bet even my comment has a bunch of stupid mistakes.
 
macs4nw

macs4nw

macrumors 601
Sep 21, 2010
4,336
1,933
Next-door from the little old lady from Pasadena..
whooleytoo said:
I've heard a theory (which might be plausible) that the spelling or grammar errors are deliberate, in order to weed out the careful/sceptical users right at the start.

Anyone who doesn't notice the spelling/grammar/layout errors right at the start is more likely to give our their passwords/credit card details later.

Maybe that's giving them too much credit. :)
Click to expand...

Say what.....? I'm not following your logic. If the ad was believably laid out, with proper grammar and spelling, wouldn't they entice more people into clicking on that link?
 
GenesisST

GenesisST

macrumors 68000
Jan 23, 2006
1,802
1,055
Where I live
needfx said:
Hi,

My name is Prince Bakou of Nigeria

I know this message will come to you as a surprise. I am the bill and exchange manager in Bank of Africa. Oh and I am prince too. I think I mentioned it. Anyhoo, I got about a gazillion dollars (that is nigerian $) I want to share with you and your family. YOur urgent assistance is required in transferring said amount to your bank account within 14 days.

Please let me know your :

Name, Surname
ID/Passport number
IBAN / Sort code
Address
Telephone/Mobile/Fax/Email/Facebook page

Hope to receive you reply soon,

Prince Bakou
Banker BON
Click to expand...

I call fraud... You said "Bank of Africa", but signed with "BON"... Would have been legit otherwise :D
 
A

alexwlchan

macrumors newbie
May 16, 2012
4
0
macs4nw said:
Say what.....? I'm not following your logic. If the ad was believably laid out, with proper grammar and spelling, wouldn't they entice more people into clicking on that link?
Click to expand...

The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”

I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later.

Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
 
whooleytoo

whooleytoo

macrumors 604
Aug 2, 2002
6,607
716
Cork, Ireland.
alexwlchan said:
The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”

I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later.

Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
Click to expand...

Exactly.

This Apple case is probably a very bad example though, since in this case they likely just grab your login details immediately and they're done. The 'deliberate errors' make more sense in more complicated scams where there's direct contact between scammer and victim. They don't want to waste their time replying to lots of people who are already suspicious.
 
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
rodpascoe said:
I was going to post the same thing and then saw your post hellomoto4.

It reads terribly and you have to wonder at the literacy of the people who fall foul of these phishing attacks really.

:(
Click to expand...

Remember that the people targetted are software developers, so you would assume that they are not totally stupid.

----------
AnonMac50 said:
So anyone to whom English is not their first language should not be an Apple developer?
Click to expand...

I remember some reporter complaining about the strong accent of a famous female tennis player... Another reporter pulled him up by saying "you know English is her fifth language"?

Seriously, developers with English as their second or third language usually write much better English than most people on MacRumors do. If anyone uses "allot" or "alot" instead of "a lot" then you know they are British or American.

----------

Here's what Apple wouldn't do:

Call developers "customer".
Write "apple" in lowercase.
"you'll" instead of "you will"
"confirm your account" doesn't make sense.
"It's easy" is not something that Apple would say.
"you're" instead of "you are"
Double . .

"Confirmed" in uppercase.
The next sentence doesn't make any sense.
"fraudsters"
"is importing because"

"Yours sincerely" not on a separate line.
apple in lowercase.

If there was one of these, then I'd say someone at Apple had a bad day.
Two of these, I'd say Apple should hire a replacement for someone.
Thirteen (plus the ones I missed) it should be obvious this isn't Apple.
 
macs4nw

macs4nw

macrumors 601
Sep 21, 2010
4,336
1,933
Next-door from the little old lady from Pasadena..
alexwlchan said:
The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”
I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later. Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
Click to expand...

whooleytoo said:
Exactly. This Apple case is probably a very bad example though, since in this case they likely just grab your login details immediately and they're done. The 'deliberate errors' make more sense in more complicated scams where there's direct contact between scammer and victim. They don't want to waste their time replying to lots of people who are already suspicious.
Click to expand...

Thanks for the clarification. That makes sense.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom