Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
The email starts with "dear Customer".

Such an email is guaranteed not to come from Apple. If it started with "Dear Customer, " there would be a tiny chance. If it started with "Dear <username>, " then chances would be even better, but still not certain.

Furthermore, your Apple ID is making Apple money. There is no bloody way that Apple would close down your account "within 48 hours". Either they have some reason to close your account (like using stolen credit cards), then they'll close it immediately without warning. Or they have no reason to close it, then they'll keep it up forever.




Hmmh. I think that applies to scams where you need to convince the victim to hand over money, so when the potential victim responds, you have to invest serious time to get the goods. If they try to get AppleIDs with passwords, fully automated, then there would be no additional work involved so I would try to make it convincing.

Well, the theory is good, so for 419 scams _I_ would apply it. But I wouldn't be surprised if there are many scammers who actually create sites that are as good as they can make them, which just isn't very good at all.

Yes, I was responding generally to Ravenstar's post about the preponderance of poorly-written spam/scams, the principle is not so applicable here. I'd love to know more about this "industry"; you'd think by now there would have been some undercover exposés or whistleblowers giving us an inside view. Perhaps it's mostly so penny-ante that there's little to tell.
 
Security Professional here. It always blows my mind to see how people fall for these social engineering attacks. Especially with how broken the english is in this particular example.

Even one of Pentagon's cybersecurity contractors was hacked using social engineering. First the hackers got all the usernames by using SQL-injections, then used rainbow-tables to crack the (unsalted) passwords, and finally they sent e-mail to sysadmin on behalf of the security chief, asking for the root password (which they got).
 
Apple has sought to increase account security on its own site with its recent introduction of two-step verification ...

Two-step verification: just do it. Even if a bad guy knows you loginr and password, he can't access your contact and credit card info. (Unless he has one of your trusted devices and knows its passcode.)
 
I actually know someone who fell for a scam like this once. They called me in a panic. They said they kept clicking on the link in the email from the bank to verify their account details, but the link wasn't going anywhere.

I told them they should be glad the link wasn't going anywhere, because it was a scam.

I can't believe how many people fall for crap like this.
 
I actually know someone who fell for a scam like this once. They called me in a panic. They said they kept clicking on the link in the email from the bank to verify their account details, but the link wasn't going anywhere.

I told them they should be glad the link wasn't going anywhere, because it was a scam.

The usual reply would be that you know nothing, the computer is broken, and it's an email from the bank so it can't be a scam. :D
 
There is a theory that the presentation is deliberately bad so that only the stupidest people will respond, resulting in fewer pull-outs and thus a higher success ratio from the responses. Spammers/scammers don't like their time being wasted :rolleyes:

Fewer pull-outs will definitely cause a higher success ratio...;)
 
You'd really think the fact that the very first word isn't capitalized would make it obvious.

I know scammers use obviously fake emails like this to weed through the crowds and reach the truly gullalble people. The type of people who truly fall for this are least likely to respond as quickly or know how to combat the fraudulent account activity.
 
If you fall for this then Tim Cook should come to your home and punch you in the junk.

My 6 year old twins have better grammar. SMH.
 
Even one of Pentagon's cybersecurity contractors was hacked using social engineering. First the hackers got all the usernames by using SQL-injections, then used rainbow-tables to crack the (unsalted) passwords, and finally they sent e-mail to sysadmin on behalf of the security chief, asking for the root password (which they got).

I find it more disturbing that the Pentagon isn't using prepared statements or sanitizing input. SQLi is such an old attack, how are they not defending against it!? And unsalted passwords!! facepalm.jpg. That is just unforgivable. How do they not have training telling them to never send a password over email? This is all just too stupid to comprehend.
 
theplanet.com

110 websites that are stored at a location who's public IP address is 70.86.13.17 (that's an internet address used to locate the web servers) are still hosting these malicious web pages. The IP address above is registered to an Internet Service Provider (ISP) in the Houston, TX area.

Short version: Web sites are still there, some place in Houston is hosting the web sites.

That IP is being hosted at a data center in Houston owned by ThePlanet.com. They have a number of hosting facilities around the US and the globe:

Dallas 104,500+ Servers
Seattle 10,000+ Servers
Washington 16,000+ Servers
Houston 25,000+ Servers
San Jose 12,000+ Servers
Amsterdam 8,000+ Servers
Singapore 16,000+ Servers
 
I find it more disturbing that the Pentagon isn't using prepared statements or sanitizing input. SQLi is such an old attack, how are they not defending against it!? And unsalted passwords!! facepalm.jpg. That is just unforgivable. How do they not have training telling them to never send a password over email? This is all just too stupid to comprehend.

Note that it wasn't Pentagon that was hacked, but the organization responsible for their cybersecurity. I have no knowledge of the hackers being able to extract information about Pentagon this way, let alone obtain information on how to break into Pentagon's systems.
 
It's really swell of the "Support Client Delivery Apple" folks to warn us of potential online dangers.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.