Apple Developer Center Outage Sparks New Round of Phishing Attacks - Page 2 - MacRumors Forums
Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 25, 2013, 11:57 AM   #26
elfxmilhouse
macrumors 6502
 
Join Date: Oct 2008
Quote:
Originally Posted by Madmic23 View Post
It always amazes me how scammers can be so smart when it comes to creating fake websites, collecting data, and getting in through back doors, but are so incredibly stupid at putting together a simple sentence.
they are smarter than you think.
the poor grammar and other "mistakes" are done on purpose to weed out those that are too smart to fall for scams.

edit: example from the classic nigerian scams: http://www.onthemedia.org/2012/aug/3...rk/transcript/
__________________
MB986LL w/OCZ Vertex SSD MC238LL w/Intel X25-V SSD MC506LL-Z0JK w/OWC SSD
MB382LL MB715LL MC497LL
elfxmilhouse is offline   0 Reply With Quote
Old Jul 25, 2013, 12:17 PM   #27
AnonMac50
macrumors 65816
 
Join Date: Mar 2010
Quote:
Originally Posted by ArmCortexA8 View Post
If anyone actually falls for this, they should not be a Developer. The grammar in this email is shocking. Apple don't address with "Dear Apple Customer" / Apple Don't use "to get back into your account" / Apple never use "update now" links, as Apple always shows the full link in emails / "Confirmed" should not be capitalised / Apple don't use the term "right away" / Apple don't use the term "fraudsters" (ironically the fraudsters are the one's sending these out) / And "yours sincerely, apple" - no capital A an no carriage return after "sincerely".

Oh and the the way, where's the Apple Logo?
So anyone to whom English is not their first language should not be an Apple developer?
__________________
[Tutorial] Three Finger Drag on Non-supported Multitouch Macs (MAJOR UPDATES!!! (8/7/2013))
Front Row for Lion
Now I know why the maps icon wants you to jump off of a bridge!
AnonMac50 is offline   3 Reply With Quote
Old Jul 25, 2013, 12:51 PM   #28
FirstNTenderbit
macrumors 6502
 
Join Date: Jan 2013
Location: Atlanta
Quote:
Originally Posted by ArmCortexA8 View Post
If anyone actually falls for this, they should not be a Developer. The grammar in this email is shocking. Apple don't address with "Dear Apple Customer" / Apple Don't use "to get back into your account" / Apple never use "update now" links, as Apple always shows the full link in emails / "Confirmed" should not be capitalised / Apple don't use the term "right away" / Apple don't use the term "fraudsters" (ironically the fraudsters are the one's sending these out) / And "yours sincerely, apple" - no capital A an no carriage return after "sincerely".

Oh and the the way, where's the Apple Logo?
All of your points are absolutely correct. If this phishing attack was directed at the Dev Community then someone wasted their time. HOWEVA If it was directed at the general public, I am pretty sure someone will fall for it. Not ever Apple customer is a native English speaker. The readily apparent errors we see may not register. Hell, even native English speakers can't agree completely on what's proper English.

Go to a tech site and you will see 'Apple are' and 'Samsung don't'. Look at a legal document and you will see 'Apple is' and Samsung doesn't'. We can all be less indignant when we realize these phishing scams aren't targeted to the most sophisticated/technically savvy. They are targeted to less worldly, more naive. With that in mind it only has to be good enough to fool the targeted demographic.
__________________
I'm a big fan of good tech. I don't really care who makes it.
FirstNTenderbit is offline   1 Reply With Quote
Old Jul 25, 2013, 01:14 PM   #29
donutbagel
Banned
 
Join Date: Jun 2013
The classic two periods at the end of the sentence

----------

Quote:
Originally Posted by PracticalMac View Post
...or someone for whom English is not a native language.
Someone who also didn't use Google Translate.

----------

Quote:
Originally Posted by bacaramac View Post
If a dev falls for this, they deserve to get scammed. I have also heard the poor grammer, etc is to weed out people who wouldn't fall for scam. If you continue to page and input your credentials, you will probably continue giving info like credit card, ssn, etc.
What's the harm in allowing smarter users to continue to the site? Do they just not want to deal with the server load?

EDIT: The reason the article gave is this: "They need to filter out the people who might respond but wouldn’t in the end send them any money." But this is for scam emails, not an automated phishing site.
donutbagel is offline   0 Reply With Quote
Old Jul 25, 2013, 01:44 PM   #30
HiRez
macrumors 601
 
HiRez's Avatar
 
Join Date: Jan 2004
Location: Western US
Hilarious that Confirm is capitalized in the middle of a sentence but Apple is not. Gotta love random capitalization. Well played, idiots.

Frankly, anyone who falls for such an obviously shoddy scheme deserves it (although anyone, especially any developer, should know to never click on email links regardless).
__________________
Go outside, the graphics are amazing!
HiRez is offline   0 Reply With Quote
Old Jul 25, 2013, 01:48 PM   #31
SockRolid
macrumors 65816
 
SockRolid's Avatar
 
Join Date: Jan 2010
Location: Almost Rock Solid
Quote:
Originally Posted by hellomoto4 View Post
Look at that grammar! Although it may look quite real, it reads like an 8 year old has written it.
It just might have been a Google translation from Korean.

(Tip: if "apple" isn't capitalized, delete the email immediately.)
__________________
Sent from my iPad Simulator
SockRolid is offline   0 Reply With Quote
Old Jul 25, 2013, 03:27 PM   #32
RichardI
macrumors 6502a
 
RichardI's Avatar
 
Join Date: Feb 2007
Location: Southern Ontario, Canada
Sorry, but I think if you fall for that, you deserve it.
__________________
iMac 27", i7, 8 Gb. ram, HD5750/1Gb, 1TB. Hard Drive, OSX 10.9.X Logitech wireless mouse, wired keyboard, iPod Shuffle (2nd G) 1 Gb.
RichardI is offline   2 Reply With Quote
Old Jul 25, 2013, 03:40 PM   #33
KdParker
macrumors 68020
 
KdParker's Avatar
 
Join Date: Oct 2010
Um...really would like my dev site back up....love the status page, but I need to see some movement.

j/k (some what)
__________________
16g iPhone5s Space Grey; 16g iPhone5 White;
15" retina - MBP 2.6 GHZ 16 RAM;
iPad4 retina

Last edited by KdParker; Jul 25, 2013 at 03:48 PM.
KdParker is offline   0 Reply With Quote
Old Jul 25, 2013, 04:41 PM   #34
needfx
macrumors 68000
 
needfx's Avatar
 
Join Date: Aug 2010
Location: macrumors apparently
Hi,

My name is Prince Bakou of Nigeria

I know this message will come to you as a surprise. I am the bill and exchange manager in Bank of Africa. Oh and I am prince too. I think I mentioned it. Anyhoo, I got about a gazillion dollars (that is nigerian $) I want to share with you and your family. YOur urgent assistance is required in transferring said amount to your bank account within 14 days.

Please let me know your :

Name, Surname
ID/Passport number
IBAN / Sort code
Address
Telephone/Mobile/Fax/Email/Facebook page

Hope to receive you reply soon,

Prince Bakou
Banker BON
needfx is offline   1 Reply With Quote
Old Jul 25, 2013, 05:40 PM   #35
Aragrist
macrumors newbie
 
Join Date: Jun 2011
Location: Southern California
I like how all of us are making fun of the spelling and grammar and each of our comments are full of mistakes. Go ahead and reread all the comments. The internet and text messaging has ruined our ability to write correctly. I bet even my comment has a bunch of stupid mistakes.
Aragrist is offline   1 Reply With Quote
Old Jul 26, 2013, 12:48 AM   #36
firedept
macrumors Demi-God
 
firedept's Avatar
 
Join Date: Jul 2011
Location: Somewhere!
Some village is missing its idiot, then they wrote the phishing email and sent it.
__________________
Success only comes before work in the dictionary!
firedept is online now   0 Reply With Quote
Old Jul 26, 2013, 04:43 AM   #37
macs4nw
macrumors 68020
 
macs4nw's Avatar
 
Join Date: Sep 2010
Location: On Safari…..
Quote:
Originally Posted by whooleytoo View Post
I've heard a theory (which might be plausible) that the spelling or grammar errors are deliberate, in order to weed out the careful/sceptical users right at the start.

Anyone who doesn't notice the spelling/grammar/layout errors right at the start is more likely to give our their passwords/credit card details later.

Maybe that's giving them too much credit.
Say what.....? I'm not following your logic. If the ad was believably laid out, with proper grammar and spelling, wouldn't they entice more people into clicking on that link?
__________________
Due to my aversion to bragging and clichés, no words of wisdom to be found on this line.....
macs4nw is offline   0 Reply With Quote
Old Jul 26, 2013, 06:20 AM   #38
GenesisST
macrumors 65816
 
GenesisST's Avatar
 
Join Date: Jan 2006
Location: Where I live
Quote:
Originally Posted by needfx View Post
Hi,

My name is Prince Bakou of Nigeria

I know this message will come to you as a surprise. I am the bill and exchange manager in Bank of Africa. Oh and I am prince too. I think I mentioned it. Anyhoo, I got about a gazillion dollars (that is nigerian $) I want to share with you and your family. YOur urgent assistance is required in transferring said amount to your bank account within 14 days.

Please let me know your :

Name, Surname
ID/Passport number
IBAN / Sort code
Address
Telephone/Mobile/Fax/Email/Facebook page

Hope to receive you reply soon,

Prince Bakou
Banker BON
I call fraud... You said "Bank of Africa", but signed with "BON"... Would have been legit otherwise
__________________
Kenmore microwave, Frigidaire oven, Fisher & Paykel fridge, LG washer & Dryer and Crane toilet
GenesisST is online now   0 Reply With Quote
Old Jul 26, 2013, 08:20 AM   #39
alexwlchan
macrumors newbie
 
Join Date: May 2012
Quote:
Originally Posted by macs4nw View Post
Say what.....? I'm not following your logic. If the ad was believably laid out, with proper grammar and spelling, wouldn't they entice more people into clicking on that link?
The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”

I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later.

Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
alexwlchan is offline   0 Reply With Quote
Old Jul 26, 2013, 08:37 AM   #40
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Quote:
Originally Posted by alexwlchan View Post
The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”

I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later.

Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
Exactly.

This Apple case is probably a very bad example though, since in this case they likely just grab your login details immediately and they're done. The 'deliberate errors' make more sense in more complicated scams where there's direct contact between scammer and victim. They don't want to waste their time replying to lots of people who are already suspicious.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Jul 26, 2013, 12:53 PM   #41
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by rodpascoe View Post
I was going to post the same thing and then saw your post hellomoto4.

It reads terribly and you have to wonder at the literacy of the people who fall foul of these phishing attacks really.

Remember that the people targetted are software developers, so you would assume that they are not totally stupid.

----------

Quote:
Originally Posted by AnonMac50 View Post
So anyone to whom English is not their first language should not be an Apple developer?
I remember some reporter complaining about the strong accent of a famous female tennis player... Another reporter pulled him up by saying "you know English is her fifth language"?

Seriously, developers with English as their second or third language usually write much better English than most people on MacRumors do. If anyone uses "allot" or "alot" instead of "a lot" then you know they are British or American.

----------

Here's what Apple wouldn't do:

Call developers "customer".
Write "apple" in lowercase.
"you'll" instead of "you will"
"confirm your account" doesn't make sense.
"It's easy" is not something that Apple would say.
"you're" instead of "you are"
Double . .

"Confirmed" in uppercase.
The next sentence doesn't make any sense.
"fraudsters"
"is importing because"

"Yours sincerely" not on a separate line.
apple in lowercase.

If there was one of these, then I'd say someone at Apple had a bad day.
Two of these, I'd say Apple should hire a replacement for someone.
Thirteen (plus the ones I missed) it should be obvious this isn't Apple.
gnasher729 is offline   0 Reply With Quote
Old Jul 26, 2013, 12:53 PM   #42
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Quote:
Originally Posted by gnasher729 View Post
Remember that the people targetted are software developers, so you would assume that they are not totally stupid.
Probably a lot of people too who've signed up as Apple devs just to get early access to iOS.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Jul 26, 2013, 12:55 PM   #43
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by FirstNTenderbit View Post
Go to a tech site and you will see 'Apple are' and 'Samsung don't'. Look at a legal document and you will see 'Apple is' and Samsung doesn't'.
That's the difference between British and American English.

----------

Quote:
Originally Posted by whooleytoo View Post
Probably a lot of people too who've signed up as Apple devs just to get early access to iOS.
True.
gnasher729 is offline   1 Reply With Quote
Old Jul 26, 2013, 02:27 PM   #44
macs4nw
macrumors 68020
 
macs4nw's Avatar
 
Join Date: Sep 2010
Location: On Safari…..
Quote:
Originally Posted by alexwlchan View Post
The research was from a group at Microsoft last year: “Nigerian scam emails ‘deliberately implausible’ ”
I believe the logic goes: if somebody is a bit savvy about this stuff, they might fall for an initially well-written email, but drop out later on if they smelt a rat. If you force the most gullible people to self-identify on the first pass, then there’s a lower chance of them dropping out later. Targeting the gullible doesn’t increase your initial click through, but it might improve the rate of success with those who do click through.
Quote:
Originally Posted by whooleytoo View Post
Exactly. This Apple case is probably a very bad example though, since in this case they likely just grab your login details immediately and they're done. The 'deliberate errors' make more sense in more complicated scams where there's direct contact between scammer and victim. They don't want to waste their time replying to lots of people who are already suspicious.
Thanks for the clarification. That makes sense.
__________________
Due to my aversion to bragging and clichés, no words of wisdom to be found on this line.....
macs4nw is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Developer iOS center is down? hassoon iPhone/iPad Programming 6 May 1, 2014 09:49 PM
Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw MacRumors MacRumors.com News Discussion 29 Aug 21, 2013 10:42 PM
Extended Developer Center Outage May Be Causing App Review Delays [Updated] MacRumors MacRumors.com News Discussion 24 Aug 1, 2013 08:16 PM
Apple's Developer Center Coming Back Online After 8 Day Outage MacRumors MacRumors.com News Discussion 81 Jul 30, 2013 05:01 PM
Apple's Developer Center Experiences Daylong Outage MacRumors Mac Blog Discussion 309 Jul 29, 2013 11:06 PM

Forum Jump

All times are GMT -5. The time now is 11:03 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC