Phishing E-mail - Clicked Link - Aargggh!

Discussion in 'Mac Basics and Help' started by ian1815, Feb 10, 2014.

  1. ian1815 macrumors newbie

    Joined:
    Feb 10, 2014
    #1
    Hi there,

    Sorry to bother you all. I originally posted this on the Apple discussion boards but MacRumours seems to have more users so thought I'd ask here instead.

    I have used a Mac for 10 years and NEVER done anything as dumb as this. Total brain-melt moment so please don't crucify me too much - I feel stupid enough as it is...

    This morning I got an e-mail supposedly from Apple telling me that "Your Apple ID was used to sign in to iCloud on an iPhone 5".

    I don't know what was happening - phone calls were coming in, people were talking to me, the dog was barking, I was still half asleep - whatever - I clicked the link. It took me to a page that "looked" like Apple's site asking for my username and password. I 100% DID NOT enter my details. I realised immediately what an idiot I'd been and I then closed the page and deleted the e-mail.

    I'm running Mavericks 10.9.1 - the OSX is up to date. Some of the software needs updates running (Pages, Keynote etc.) so that's not up to date but was new with the Mac a month ago. All the security settings are still at the default (I bought this Mac about a month ago) and the Firewall was on.

    I have reset my Apple details and my computer's logon password. I've also cleared all cookies from Safari.

    Am I in any danger from simply clicking the link even if I didn't enter my details? I've just installed Sophos and am running a scan but is there any chance a keystroke capture could have been installed or anything? If the Sophos scan comes up clear is that enough to be sure or is there anything else I should do / run?

    Any help would be seriously appreciated. I feel such an idiot but I'm worried to carry on using the Mac for work until I'm certain there can't be any issues.

    I have already searched and found several people who've asked similar questions but I couldn't find a definitive answer when all I did was click the link but not enter details.

    Thanks,

    Ian
     
  2. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #2
    You'll be fine. Obviously the damage would have been done had you entered your details, which you didn't. There is essentially no chance a keystroke capture could have been installed unless you authorised it by entering your ID and password, especially if you have java disabled.

    You might want to look at setting up two stage verification for changes to your apple id.

    http://support.apple.com/kb/ht5570
     
  3. AcesHigh87 macrumors 6502a

    AcesHigh87

    Joined:
    Jan 11, 2009
    Location:
    New Brunswick, Canada
    #3
    I would wager that you are likely alrighty. Phishing scams like that are designed to get your apple login information so they can get things like your credit card information and such from apple.

    However, since you didn't input your information they don't have it. Clicking the link just brings you to a page so that they can get your information. Scams like this aren't in the market of infecting computers, they are after personal information.

    I'd key a cautionary eye on your credit card, JUST IN CASE but I wouldn't be too concerned since you didn't give them anything.
     
  4. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #4
    May wife keeps getting _really_ stupid fishing emails.

    Like "there is a problem with your Visa/Mastercard, click here... "

    The giveaways are:

    1. There is no such thing as a Visa/Mastercard. They are different companies. You could have problems with a Visa card, or with a Mastercard, but not with a Visa/Mastercard.

    2. She has neither card.

    3. The email is addressed to ten email addresses that are close together in alphabetical order :D
     
  5. ian1815 thread starter macrumors newbie

    Joined:
    Feb 10, 2014
    #5
    Thanks

    Thanks for the replies. Sounds like I *probably* have nothing to be concerned about. The Sophos scan came back clean. A good wake up call though.

    Thanks again.

    Ian
     
  6. oldhifi macrumors 6502a

    oldhifi

    Joined:
    Jan 12, 2013
    Location:
    USA
    #6
    I get the same email on my gmail account..I did report it to Apple but it keeps coming..
     
  7. r0k macrumors 68040

    r0k

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #7
    I'm sure you will be fine. Simply clicking a link shouldn't lead to any bad outcomes. It was really unnecessary for you to go around changing passwords, etc. It would be a good idea to turn on 2-factor (sometimes called 2-step) login where possible. In order to log in from a new device or browser, you have to receive a text message with a one time use code that (typically) expires in 5 minutes. It helps protect your online accounts such as icloud from unauthorized access. You have to keep up with your phone because it becomes the "key" you can use to log in from a new device or browser.

    As for spam, I'm surprised they aren't resorting to even more blatant spam :eek: such as...

     
  8. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    No, if you didn't enter your details, you're fine.
    You don't need to check for malware just because you visited a phishing site. Also, I recommend avoiding Sophos, as it can actually increase a Mac's vulnerability, as described here and here. 3rd party antivirus apps are not needed to keep a Mac malware-free, as long as the user practices safe computing, as described in the following link. If anyone insists on running antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.
     
  9. ian1815 thread starter macrumors newbie

    Joined:
    Feb 10, 2014
    #9
    Thanks for all the info guys. Much appreciated.
     

Share This Page