I don't understand what this means.
Anyone care to enlighten me?
Those 110 sites were hacked and set up to mine Apple ID's from unsuspecting users and many haven't been cleared of the malicious code.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New Apple ID Phishing Effort Compromises Over 100 Sites
- Thread starter MacRumors
- Start date
- Sort by reaction score
Those 110 sites were hacked and set up to mine Apple ID's from unsuspecting users and many haven't been cleared of the malicious code.
Yea, I don't know what's worse... the half-**** effort with the retarded grammar, or the fool's email client receiving the spam.
I received a much more convincing email saying Apple were going to expire unused iCloud addresses and I needed to log in to confirm my account was active. The only errors I noticed were 2 uses of "Icloud" instead of "iCloud'.
Someone who doesn't know iCloud very well may have fallen for it (doesn't know about it in terms of capitalisation and functionality), which could be quite a few people considering all the new Apple users through iOS devices.
Someone who doesn't know iCloud very well may have fallen for it (doesn't know about it in terms of capitalisation and functionality), which could be quite a few people considering all the new Apple users through iOS devices.
There is a theory that the presentation is deliberately bad so that only the stupidest people will respond, resulting in fewer pull-outs and thus a higher success ratio from the responses. Spammers/scammers don't like their time being wasted
That's actually pretty interesting. Only the profoundly stupid will fall for this and even click in the first place, so the spammers know that they've got excellent victims. Somebody with two brain cells to rub together may actually back out or provide false information on purpose. Brilliant.
The email starts with "dear Customer".
Such an email is guaranteed not to come from Apple. If it started with "Dear Customer, " there would be a tiny chance. If it started with "Dear <username>, " then chances would be even better, but still not certain.
Furthermore, your Apple ID is making Apple money. There is no bloody way that Apple would close down your account "within 48 hours". Either they have some reason to close your account (like using stolen credit cards), then they'll close it immediately without warning. Or they have no reason to close it, then they'll keep it up forever.
Hmmh. I think that applies to scams where you need to convince the victim to hand over money, so when the potential victim responds, you have to invest serious time to get the goods. If they try to get AppleIDs with passwords, fully automated, then there would be no additional work involved so I would try to make it convincing.
Well, the theory is good, so for 419 scams _I_ would apply it. But I wouldn't be surprised if there are many scammers who actually create sites that are as good as they can make them, which just isn't very good at all.
Such an email is guaranteed not to come from Apple. If it started with "Dear Customer, " there would be a tiny chance. If it started with "Dear <username>, " then chances would be even better, but still not certain.
Furthermore, your Apple ID is making Apple money. There is no bloody way that Apple would close down your account "within 48 hours". Either they have some reason to close your account (like using stolen credit cards), then they'll close it immediately without warning. Or they have no reason to close it, then they'll keep it up forever.
There is a theory that the presentation is deliberately bad so that only the stupidest people will respond, resulting in fewer pull-outs and thus a higher success ratio from the responses. Spammers/scammers don't like their time being wasted
Hmmh. I think that applies to scams where you need to convince the victim to hand over money, so when the potential victim responds, you have to invest serious time to get the goods. If they try to get AppleIDs with passwords, fully automated, then there would be no additional work involved so I would try to make it convincing.
Well, the theory is good, so for 419 scams _I_ would apply it. But I wouldn't be surprised if there are many scammers who actually create sites that are as good as they can make them, which just isn't very good at all.
Last edited:
Tim Cook is a supply chain and operations guy, not an English professor. He probably needed to quickly get this e-mail out to let the users know.
I, for one, am glad that I got this and was quickly able to get my security credentials in order. We'll see how much you are all laughing when your Apple IDs get closed down.
I, for one, am glad that I got this and was quickly able to get my security credentials in order. We'll see how much you are all laughing when your Apple IDs get closed down.
Well, this is nothing new. I've been receiving similar emails for years, claiming to be from a Bank.
Whoever is dumb enough to fall for this, oh well.
Never click on a link to a login page, or at least look at the URL to see if it's legit!
Whoever is dumb enough to fall for this, oh well.
Never click on a link to a login page, or at least look at the URL to see if it's legit!
If you get the same email from several banks, and you are only customer of one, that's a giveaway. But I must complain that I haven't had any lottery wins for a while (I won several million Euros and a BMW so far without even buying a ticket). Probably because of these friendly guys from India who call me twice a week and offer removing viruses on my Windows PC.
On the positive side, we can complain about it without upsetting any moderators
They had me at the fake Apple logo and the small case "d" for "dear Customer."
I'm so glad most scammers are illiterate. My parents are NON-tech-savvy and even THEY can spot these.
I don't understand what this means.
Anyone care to enlighten me?
110 websites that are stored at a location who's public IP address is 70.86.13.17 (that's an internet address used to locate the web servers) are still hosting these malicious web pages. The IP address above is registered to an Internet Service Provider (ISP) in the Houston, TX area.
Short version: Web sites are still there, some place in Houston is hosting the web sites.
Best laugh all day! Thanks!!
Btw, I went to see if KrebsOnSecurity had anything on this but got a 502 bad gateway ... Looks like he is under another DDOS attack...
Thanks. Either the original Next Web article was updated or there was a copy-paste problem but I see Next Web's paragraph now says:
Which makes more sense to me now.
Yeah, I had to read the [Next Web] article twice to be sure I was correct before replying to you.
There are theories that it is intentional. As a scammer, you don't want slightly stupid people to reply, because slightly stupid people will get clever once you ask them to hand over their cash. You only want people to reply that are really absolutely limitless stupid.