new phishing text targeting iPhones

Discussion in 'iPhone' started by ay98182b, Apr 4, 2016.

  1. ay98182b macrumors newbie

    Joined:
    Apr 4, 2016
    #1
    Received the attached text last night - almost got me to believe it was real (and I'm vigilant about these things). It comes up as being from 'Apple' and was addressed to my full name. My friend received one too, so it must have been a widespread thing. He went as far as giving his initial log in and address details before realising something was wrong - luckily he hadn't yet filled out the card details they ask for (he's since changed his Apple ID password - do you think he should cancel his cards as well? He didn't put in any financial information).

    According to my friend, the link on that text redirects to a perfect emulation of the Apple ID page (and the link address is a plausible one too). Probably the most realistic one of these I've seen.

    What's the best way to report this to Apple?


    FullSizeRender.png
     
  2. bruinsrme macrumors 601

    bruinsrme

    Joined:
    Oct 26, 2008
    #2
    I would recommend changing his password and enable 2 step verification
     
  3. ay98182b thread starter macrumors newbie

    Joined:
    Apr 4, 2016
    #3
    thank for the advice, I'll pass it on to him.
     
  4. macfacts macrumors 68000

    macfacts

    Joined:
    Oct 7, 2012
    Location:
    Cybertron
  5. bruinsrme macrumors 601

    bruinsrme

    Joined:
    Oct 26, 2008
    #5
    At first I thought it was a pain but after setting it up and using it it's barely a bother now.
    I set it up because for some crazy reason I am getting other people's support cases in my iCloud email.
     
  6. ay98182b thread starter macrumors newbie

    Joined:
    Apr 4, 2016
    #6
    Unsettling, right? The text my friend received had his full name too :s
     
  7. ftaok macrumors 601

    ftaok

    Joined:
    Jan 23, 2002
    Location:
    East Coast
    #7
    You'd think that Apple would use iMessage to send you stuff. Not that convincing.

    EDIT - also, the lack of https is another giveaway. It's really getting bad these days with all of the phishing and stuff. The scary thing is when your company's HR/payroll department gets suckered by a phishing scheme and releases everyone's SSN, payrate, addresses, etc.
     
  8. macfacts macrumors 68000

    macfacts

    Joined:
    Oct 7, 2012
    Location:
    Cybertron
    #8
    Most people think Apple protects their privacy and don't expect strangers to be able to get their full name and ph# from Apple.
     
  9. ftaok macrumors 601

    ftaok

    Joined:
    Jan 23, 2002
    Location:
    East Coast
    #9
    Absolutely. But I'm guessing these scammers are getting the names/numbers from services that scan social media networks. These services probably know if you have an iPhone or Android as well.

    Then it's child's play to set up a fake website. Send out a bunch of text messages. Wait. Profit.

    Most tech savvier folks won't fall for this. But that's only like 5% of the population. All they need to do is have a few people fall for it and WHAMMO!

    It really is scary how far this stuff reaches.
     
  10. ZombiePete macrumors 68020

    ZombiePete

    Joined:
    Aug 6, 2008
    Location:
    San Antonio, TX
    #10
    Not really; Apple is not going to direct you to a non-Apple.com site.

    EDIT: I went there and put in an obscenely fake ID; it told me that the ID had been locked for security reasons and that I needed to through a process to unlock it. I imagine that it's some more phishing stuff; probably looking for answers to security questions and stuff. It's not a bad looking site, but obvious phishing is obvious.
     
  11. lparsons21 macrumors 6502

    lparsons21

    Joined:
    Jun 3, 2014
    Location:
    Southern Illinois
    #11
    The simple solution is to follow the old rule about email links -- Don't click the link in email!! I've followed this rule for years and it works each and every time. If it is legit then you can go to the account and find that out.
     
  12. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Joined:
    Aug 5, 2001
    Location:
    Denmark
    #12

    Really? Would you think that icloudreallyreallysecureipromise!login.com is also plausible? That link is laughable.
     
  13. macfacts macrumors 68000

    macfacts

    Joined:
    Oct 7, 2012
    Location:
    Cybertron
    #13
    I don't think any social media sites displays users pH #s
     
  14. JohnApples macrumors 65816

    Joined:
    Mar 7, 2014
    #14
    You're looking at this from a tech-savvy user perspective. Of course it's obviously fake to us. Think about the users who don't know how to do much besides text, call, and check their Facebook. I could EASILY see my mother and grandparents falling for this had I not warned them.
     
  15. ZombiePete macrumors 68020

    ZombiePete

    Joined:
    Aug 6, 2008
    Location:
    San Antonio, TX
    #15
    Make sure they have 2FA turned on.
     
  16. JohnApples macrumors 65816

    Joined:
    Mar 7, 2014
    #16
    Thanks, I actually forgot about that, but I'll walk them through it ASAP.
     
  17. Closingracer macrumors 68000

    Joined:
    Jul 13, 2010
    #17


    It is plausible though looking at it in terms of the general public who might not know....
     
  18. ZombiePete macrumors 68020

    ZombiePete

    Joined:
    Aug 6, 2008
    Location:
    San Antonio, TX
    #18
    "Plausible" and "Good enough to fool the unwitting" aren't intrinsically the same thing. It's not even close to a plausible website, but yes it probably would fool someone who didn't know better.
     
  19. 617aircav Suspended

    Joined:
    Jul 2, 2012
    #19
    Not convincing at all. A random text from Apple does not happen.
     
  20. ay98182b thread starter macrumors newbie

    Joined:
    Apr 4, 2016
    #20
    Exactly - I'm not saying any of us would fall for it (most on this forum are not representative of the general user I would argue), but my friend is no idiot by any means, he's just not tech savvy. He was in a hurry and tired and almost gave them everything they needed to rip his credit card off.

    Not to mention, as you say, my parents etc, who could easily be fooled by this. Perhaps 'plausible' is indeed the wrong word - the link (and site, just had a look at it myself) is convincing enough to the lay person (of course it's easy to just replicate a site like that, I'm not saying the scammers are rocket scientists). Plenty of people must have been duped by it, sadly. It's certainly not laughable, like some of the scams I've seen, particularly given it's sent to your full name. I'm often surprised by how poorly written/done phishing scams they are. And people must fall for those too.

    Oh and social media wouldn't display my mobile number for them to connect it to my name, so I still wonder how they got that information? I'm sure it's not that difficult to dig stuff like that up, but still.
    --- Post Merged, Apr 4, 2016 ---
    On a related note, this was a similar scam.

    "In a strange twist, the criminals who created this scam have attempted to thwart scam investigators. If you enter false data that includes words such as ‘scam’ into fields on the fake form, your browser will automatically redirect you to a preconfigured Google search for sickening and illegal pornography."

    The devious bastards.
     
  21. mrex macrumors 68020

    mrex

    Joined:
    Jul 16, 2014
    Location:
    europe
    #21
    how about icloud.com?

    unfortunately it is enought for most of the victims that there is word icloud or apple in the address bar. if it says apple.bull ****.com they will click it because there was apple. in the beginning.

    and a site called icloudsecurelogin is pretty clever to confuse even people who think they are clever than scammers.
     
  22. DMoggo macrumors regular

    Joined:
    Sep 27, 2013
    Location:
    UK
    #22
    I'm amazed at how many companies etc seem to gain our details even though when you ask them they say they don't 'share' information!
     

Share This Page