How much longer are we gonna beat a dead horse?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Shares Tips on Avoiding App Store and iTunes Phishing Emails
- Thread starter MacRumors
- Start date
- Sort by reaction score
How much longer are we gonna beat a dead horse?
Why not just check the tooltip of any URLs you click on? Disabling HTML sounds like it will make a lot of emails unreadable.
Disabling remote content is a good idea, though. That way, no one can track if you’ve read the email.
No need to do something so drastic.
If you want to see where a Link is pointing to, without clicking on it: just hover your mouse pointer over the link and a tooltip appears revealing the actual address. If this does not match the text shown in the link, delete this email.
That is what I love about MacOS. All these little things where somebody has put some thought into...
Funnily enough, those of us in China are now receiving billing emails from a non-apple email address, with no warning as such. (no_reply@iCloud.gzdata.com.cn - they used to be from no_reply@email.apple.com ). I thought it might be a phishing thing.
Yes, a kind of affectionate term for calling someone "daft"
eg.
"You muppet, don't you know that?"
It’s the text in the footer, “If you did not authorize this purchase, please visit Apple Store Cancelation Form” which I assume is a link to a phishing site asking for personal information. Apple doesn’t have a website for canceling subscriptions, you have to use iTunes or an iOS device. Also, “cancellation” is spelled wrong.
My coworker got a similar one a few days ago, he's late 30s early 40s and completely fell for the email, he was calling apple about the email when I told him it was obviously fake, there were some glaring grammar errors.
That's all I check, always. The senders email. Simple and takes 5 seconds.
Well that, and the sentence directly before the photo says Apple will always include a current billing address, when the photo of the fake does not.
Didn’t it used to be the case that marking as spam in Mail for iOS or Mac would automatically forward it an Apple spam/phishing inbox for processing?
Nope... it only does that if you mark it on icloud.com, but not any of the apps.
Would you really be able to see the difference between apple.com, аpple.com, ɑpple.com and αpple.com though?
I see your point. If one can get a domain with spelling type changes, the domain registry needs fixing. Should not be allowed. My point start first at the email address, many end in .net. Then apply other options as pointed out by Apple before believing the email. No one step always, when you see .net for example you know it is fake. Good point you bring up.
An example of a well-crafted phishing email
Kinda funny that this “offers” a 10 TB plan, when the highest iCloud will go is still 2.
[doublepost=1520130277][/doublepost]
Note that browsers try to protect against this, e.g. by not rendering those characters. They’ll show as punycode instead. https://en.m.wikipedia.org/wiki/IDN_homograph_attack
Question: What's the tell on this email that it's not real?[/QUOTE]
Answer: the spelling of "cancellation." Apple always spells the word as "cancellation." Note that in this phishing example, the word is spelled "cancelation."
Answer: the spelling of "cancellation." Apple always spells the word as "cancellation." Note that in this phishing example, the word is spelled "cancelation."
Answer: the spelling of "cancellation." Apple always spells the word as "cancellation." Note that in this phishing example, the word is spelled "cancelation."[/QUOTE]
Actually, not true.
The actual giveaway is the use of the word cancelation/cancellation in the first place. Apple never make it that easy to stop giving them money, it's always a couple of layers deep.
Do you pay for this website, or do you simply rely on it being supported by ads?
Google and Apple showing us anonymous ads is not the danger. They have a vested interest in keeping it private.
There are hundreds of entities out there that are actually selling the personal data they collect on us.
Sure, but they're only storing encrypted data there. Nothing of interest for Google to access. They're essentially a dumb pipe.
Google is literally one of them. Every gmail you send, every picture you upload from your android device, they are all data mined anonymously in order to sell you ads.
I had a friend who does makeup for the walking dead do a bald guy thing on me for Halloween, I get tagged in that photo, and within the day I’m getting hair replacement banners. It’s scary how much information we give up without even realizing it.
It seems that I get many emails as though they came from Amazon, FedEx or other companies, but they use Order Numbers that do not resemble anything close to what I get from the actual companies. Those numbers are in the subject, so I do not have to open the email to determine it is spit.
Mouse over the sender's name / email address to determine who the REAL sender is. Several come from .de (address ending indicating Germany) or .it (Italy), and I use an IP address search tool to check the IP address location. Mouse over any links in the email IF you were unlucky enough to open the email; the REAL link will be shown.
My son-in-law recently opened an email that he thought had come from the App Store, but he knew he had not made a purchase in the amount that was listed, so he took no further action. I have been trying to get him to provide the IP address from the header so we can determine where it originated. Still waiting.
Mouse over the sender's name / email address to determine who the REAL sender is. Several come from .de (address ending indicating Germany) or .it (Italy), and I use an IP address search tool to check the IP address location. Mouse over any links in the email IF you were unlucky enough to open the email; the REAL link will be shown.
My son-in-law recently opened an email that he thought had come from the App Store, but he knew he had not made a purchase in the amount that was listed, so he took no further action. I have been trying to get him to provide the IP address from the header so we can determine where it originated. Still waiting.