Apple ID Scam: “Thank You Not To Answer”

By Ryan Majeau | Posted in my blog for

We inform you that your iTunes ID happens to expire in less than 48 H

Hot on the heels of Apple’s successful new releases, there’s another group looking to score big—hackers. Armed with phishing emails that lead to phoney login pages, these bad guys are after your Apple ID, password, and more. Don’t worry, there’s good news. Their attempt is bad—really bad.

Hackers tend to go after popular targets, and Apple is big right now. The release of the new iPhone 5C and 5S models has seen a sharp rise in the number of people signing up for Apple IDs. Add this to the number of people who already have one and you get a perfect opportunity for hackers to try and make a buck.

Phishing scams aren’t new. They work because they’re designed to look authentic, to fool unsuspecting people into handing over their sensitive info. The key idea here is to “look authentic” though. If you’re going to aim a scam at English-speaking people, you should learn how to speak it first (just saying).

That’s right, the phishing emails may look like they come from Apple, but the English is so horrible that the scam is a dead giveaway—at least it should be. Come on, the subject line is “Your Apple ID Has Been Expired”.

Aside from knowing English, here are a few other details about Apple that you should keep in mind:

1. Apple knows your name. They would never simply refer to you as “client”.
2. Apple IDs don’t just happen to expire. Your ID is your email address. It’s not going anywhere.
3. Apple knows “do not reply” emails come from “noreply@” addresses, not “No-replay@”.
4. If you hover over the “Check now” link, the URL’s domain should be apple.com, not something completely random.
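
The four checks in the list above can be run automatically over a message. The Python code below is an added example, not part of the original post; the sample email is constructed, its sender domain and link host are placeholders, and the function names and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND_DOMAIN = "apple.com"

# Constructed sample modelled on the email described above.
# The sender domain and link host are placeholders, not values from the real message.
SAMPLE = """\
From: Apple <No-replay@mail.example>
Subject: Your Apple ID Has Been Expired
Content-Type: text/html

<p>Dear client,</p>
<p>We inform you that your iTunes ID happens to expire in less than 48 H</p>
<p><a href="http://apple.com.signin.example/verify">Check now</a></p>
"""

def domain_is_brand(host, brand=BRAND_DOMAIN):
    """Exact domain or a true subdomain; a substring test would accept look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def link_is_brand(url):
    # urlsplit isolates the real host, ignoring any "user@" prefix or path tricks
    return domain_is_brand(urlsplit(url).hostname)

def lookalike_noreply(local):
    """Flags near-misses of 'noreply' such as 'No-replay'."""
    norm = re.sub(r"[^a-z]", "", local.lower())
    return norm != "noreply" and SequenceMatcher(None, norm, "noreply").ratio() >= 0.8

def phishing_signals(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    local, _, domain = parseaddr(msg.get("From", ""))[1].partition("@")
    signals = []
    if re.search(r"\bdear\s+(client|customer|user)\b", body, re.I):
        signals.append("generic greeting")
    if re.search(r"\bexpir", msg.get("Subject", "") + " " + body, re.I):
        signals.append("expiry claim")
    if lookalike_noreply(local) or not domain_is_brand(domain):
        signals.append("suspicious sender")
    for url in re.findall(r'href\s*=\s*["\']([^"\']+)', body, re.I):
        if not link_is_brand(url):
            signals.append("off-brand link: " + str(urlsplit(url).hostname))
    return signals

if __name__ == "__main__":
    for s in phishing_signals(SAMPLE):
        print(s)
```

The sample link has apple.com inside its host name yet still fails the check, because only the end of the host name decides who owns the domain. The From header can be forged, so a message that raises no signals here is not proven genuine.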

For some reason I’ve got 4 of these emails in the last week. They’ve been able to bypass Gmail’s spam filter, but luckily Google still gives me a warning (in case I was too stupid to see all of these warning signs myself).

Be careful with this message. Similar messages were used to steal people's personal information. Unless you trust the sender, don't click links or reply with personal information.

Had I clicked through, I’d have been taken to a phoney webpage with the intent to steal my Apple ID and password. Signing in then tries to get even more info, with prompts for your address, phone number, credit card, birthday—even social security number!

Be on the lookout for these phishing emails. But like I said, as long as you know your English, you’ll be fine!