I received the email shown which I know to be fraudulent but thought I should alert others. As you can see the email is set up to appear to come from Apple Support.
This an example of what is termed as social engineering. It uses a couple of what I'd consider well known sales tactics used in many industries. The first is to present a problem that alarms someone. That is someone is trying to use your Apple account. The second you'll see there's a short deadline which puts people under pressure to respond.
The wording is not overly pushy. It hasn't said your account has been hacked. It uses gentler terms like "when you're ready" and "we suspect". The wording does not show the usual lack of English ability with mistakes in spelling, grammar or punctuation. There is of course the obvious clue of the Reply-To address not being an Apple email address.
The domain has been registered in the United States with payment made to protect the privacy of the registered party. The domain servers and thus where the site is located in in London, UK
The link if clicked goes to a folder on the server sendgrind.me/wf/click followed by a long and meaningless parameter. This site could be a hijacked site or one set up specifically for malicious purposes. If I wanted to find out more
I'd connected using a secure way which wouldn't infect my computer. It may be interesting to see how good to site is the user is presented with. The more it looks like a real Apple screen (and all that takes is to copy the layout) the more likely if people are tricked to click the link, they'll continue and provide their login information and the nefarious will have achieved their likely goal of collecting the users login information. Often the same information people use to log into multiple well known sites such as Facebook and Google.
Obviously these won't trick everyone one, but if a small percentage are tricked, they'll get the response they desire and move on to the next malicious email they've probably already got lined up, but of course that's just a guess.
If you see any emails from providers you know don't click on the link. Open your browser and go to the site. These emails are fake and even smart and aware people I've met have let their guard down sometime and get tricked. So never think you're too smart to be tricked and always be careful.
Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 for IT support.
Servicing Doncaster, Templestowe, Eltham and the surrounding area.
This an example of what is termed as social engineering. It uses a couple of what I'd consider well known sales tactics used in many industries. The first is to present a problem that alarms someone. That is someone is trying to use your Apple account. The second you'll see there's a short deadline which puts people under pressure to respond.
The wording is not overly pushy. It hasn't said your account has been hacked. It uses gentler terms like "when you're ready" and "we suspect". The wording does not show the usual lack of English ability with mistakes in spelling, grammar or punctuation. There is of course the obvious clue of the Reply-To address not being an Apple email address.
The domain has been registered in the United States with payment made to protect the privacy of the registered party. The domain servers and thus where the site is located in in London, UK
The link if clicked goes to a folder on the server sendgrind.me/wf/click followed by a long and meaningless parameter. This site could be a hijacked site or one set up specifically for malicious purposes. If I wanted to find out more
I'd connected using a secure way which wouldn't infect my computer. It may be interesting to see how good to site is the user is presented with. The more it looks like a real Apple screen (and all that takes is to copy the layout) the more likely if people are tricked to click the link, they'll continue and provide their login information and the nefarious will have achieved their likely goal of collecting the users login information. Often the same information people use to log into multiple well known sites such as Facebook and Google.
Obviously these won't trick everyone one, but if a small percentage are tricked, they'll get the response they desire and move on to the next malicious email they've probably already got lined up, but of course that's just a guess.
If you see any emails from providers you know don't click on the link. Open your browser and go to the site. These emails are fake and even smart and aware people I've met have let their guard down sometime and get tricked. So never think you're too smart to be tricked and always be careful.
Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 for IT support.
Servicing Doncaster, Templestowe, Eltham and the surrounding area.
No comments:
Post a Comment