At the time I received one or more emails like this:
It's an email from Apple asking me to reset my Apple ID. I was 99.99% sure it was fake. The main reason is that the email address it arrived on wasn't the one known to Apple. I have several email addresses and different ones are used with different companies. If an email comes on the wrong address I know it's not real.
The thing is, the link in the email is real. Usually email scams point to a fake site with a dodgy URL that is obviously not the real website, but this one really does take you to an Apple website. You can usually see the URL in the status bar of your email program or web browser if you mouse over the link. But this one is fine. I checked the source code and it was fine too.
There is one slightly odd thing about the URL though, and that is a long string of letters and numbers after the URL. You can see it at the bottom of the screenshot. It's not unusual to see this in URLs and it's just encrypted information being passed to the website. However, in this case I wonder if it was designed to exploit some flaw in the way the server handled URLs. This could have been the mechanism of the security attack on Apple's servers.
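The checks described above (where the link really goes, what the visible text claims, and the long string after the URL) can be run over an email's HTML source; this is an added example, not code from the original post. The expected-domain list, the length threshold and the sample HTML are assumptions constructed for illustration. A link that raises no notes is not proof that the email is genuine.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

EXPECTED_DOMAINS = ("apple.com",)  # assumption: domains you expect Apple links to use
LONG_VALUE = 40                    # assumption: length that counts as a "long string"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an email's HTML source."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_expected(host):
    """True only for an expected domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def review_links(html_source):
    """Return [(href, [notes])] for every link found in the source."""
    collector = LinkCollector()
    collector.feed(html_source)
    report = []
    for href, text in collector.links:
        url, notes = urlsplit(href), []
        if url.scheme != "https":
            notes.append("not https")
        if not host_is_expected(url.hostname):
            notes.append("unexpected host")
        if "://" in text and urlsplit(text).hostname != url.hostname:
            notes.append("visible text shows a different host")
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if len(value or key) >= LONG_VALUE:
                notes.append(f"long opaque parameter '{key}'")
        report.append((href, notes))
    return report

# Constructed sample source, not the email from the post.
SAMPLE = """<a href="https://appleid.apple.com/reset?key=A1b2C3d4A1b2C3d4A1b2C3d4A1b2C3d4A1b2C3d4A1b2C3d4">Reset now</a>
<a href="http://appleid.apple.com.example.net/reset">https://appleid.apple.com/reset</a>"""
```

Calling `review_links(SAMPLE)` returns one entry per link with its notes, so the first sample link is flagged only for its long parameter while the second is flagged for its scheme, its host and its misleading visible text.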
The image above isn't the one I received a month ago, but is actually from another one I received today. Is this email part of last month's attack on Apple or does this indicate a new attempt to hack into Apple? It could be that the hackers have modified their original code and are trying to exploit another security flaw. Who knows? What should you do if you receive an email like this, especially if it is on the right email address and it looks genuine?
Never click links in emails.
What you should do is to go to the Apple site - iTunes, the Developer Center or wherever, and log in to your account in the usual way. Just check that everything is OK with your account. You'll see messages if something is wrong. (The same advice applies to banking, shopping, credit cards and so on.)
There are also emails going around that warn you that your iPod, iPad or iPhone will soon cease to function. They tell you to click a link in the message to enable the device to continue working. No doubt you'll need to enter your username and password. It's obviously a fake because I know people who don't have any Apple kit who have received this email. Besides, this couldn't happen anyway and Apple would never send out emails like this. Beware of scams.
Never click links in emails.
