The phishing a-holes are back at it again, attempting to trick you into revealing your Apple ID login information. UGH! Do we really have to tell you again NOT to click links in emails that you receive like this?
In case you’re not familiar with phishing, it’s a way for devious types to get access to your user ID and password for an account — in this particular case, your Apple ID — so that they can then go in and rack up big charges. Even worse, since many people use the same email and password for multiple accounts, this can open the door to all sorts of nefarious action.
Phishing involves the sending of emails that appear to come from a trusted source. The body of the email will contain a message, often saying that your account has some issues, and requesting that you click a link embedded in the email, so you can login and resolve the problems to continue the use of your account.
What ever you do, DON’T CLICK THAT LINK!
Those that click the link are taken to a fake site, where they’ll be asked to enter their login information, in this case it’s the Apple ID info, and then the bad guys have your info, which they can do all sort of very bad things with. Especially if you use the same login and password on other sites. UGH!
TUAW shares some of the “tells” that the email is not from Apple:
The image at the top of this post shows one of the emails that has been going around. There are a few “tells” — first, it says “Dear,”, but doesn’t show a name. Second, it expresses concern that “someone tired to log into your Apple account from a different IP address” — Apple doesn’t check your IP address, which is why you can log into your account from iPhone, iPad or Mac just about anywhere.
Most of all, be assured that Apple will NEVER ask you to click a link in an email to go to a “Verify Now” website. By hovering your cursor over the embedded link, you’ll be able to see the link goes to a domain that is registered in the island territory of Tokelau in the South Pacific; a domain that in 2010 was responsible for approximately 21.5% of all total phishing attacks.
If you get an email like this, delete the damn thing, and don’t look back. If you have Gmail, you’ll probably find this and similar emails in the Spam folder. Just delete these pieces of crap, or report them as spam.
If you are concerned that an account may have been compromised, go to the website by directly entering a known good URL in the address bar of your browser. NEVER click on the link in an email.