I just received this email today and it is a typical example of how you should be diligent about checking the validity of any email from unknown or suspicious sources before you consider clicking on anything but delete. See below a screen shot of an email that I received this morning from “Apple Service” and some pointers to call out a few of the obvious errors that would indicate that this email is not actually from Apple. Since we know that Apple is meticulous about its image and branding, it makes it easier to detect anomalies that would not meet their high standards and therefore obviously fraudulent. It is a clear case of a phishing email that is designed to create a sense of urgency to entice the end user to react quickly by clicking on the link to get this “resolved” before they lose access to their precious Apple services. Unfortunately, every day people ignore the signs of deceit and fraud and take the bait. Nothing good happens after clicking a malicious link and many people never fully recover.
Let’s have a look at this phishing email in more detail:
- The email is From: [Icloud]Apple Service <firstname.lastname@example.org>
- All of Apple’s iSeries of products use a convention of lower case “i” followed by the product - iCloud, iPhone, iPad etc. This is not the case in the friendly name in the email address where they use Icloud. Apple is very particular about their marketing and would never allow this to go out to their customers.
- The email address is coming from <email@example.com> which is not an Apple domain and would not be used by Apple. This is likely a legitimate email address from an unsuspecting company that the hackers are using to hide their tracks and get around email relaying restrictions so they can deploy the phishing email.
- It may not be as obvious to some, but a company would never use an admin account to send out a general-purpose email to customers. All admin accounts have a specific purpose, which typically involves elevated access rights, so industry best practices would prevent any legitimate organization from using it in this situation.
- Subject: account blocked!!!
- While the 3 exclamation points at the end of the phrase are convincing and generate a sense of urgency, nothing here looks legitimate. Apple would never send out an email with a subject line like this.
- Apple logo
- Apple is very image conscious and would never allow a distorted Apple logo, like the one shown in this email, to be sent to its customers. This is a bad copy/paste job.
- Email body
- I’m not a grammar expert but this is awful. My English teacher would have whacked me with a ruler if I handed in anything that read like this. Often foreign attackers will use translation software to create these emails and fortunately for us they fall well short of doing a convincing job. This is usually the easiest area to detect a phishing email.
- The Call to Action Button – Check your account
- This is how they get you. By clicking on this link, you will be directed to a malicious website that is designed to suck you into giving up your private and financial information. These sites can also be programmed to infect your computer with malicious code and anything is possible at that point. Ransomware is quite popular these days and can be very costly.
- If you hover your mouse over a call to action button or link, you can see where the link will send you. Again, in this case it will take us to a website that is not owned by Apple or any affiliate. (http://getsitebost.com//images/icons/redi.html) (I change the link slightly to prevent any accidental clicking!). Taking a deeper look into this address it looks like a legitimate site may have been compromised and is now being used for malicious purposes. This is common and will be discussed in more detail in a later blog.
As you can see, without being a phishing expert there are many indicators that should trigger you to flag this as a phishing email. Delete this email immediately. If this occurs at your place of employment, contact your IT department for further instructions. Phishing emails are on the rise and the best form of defense is end user education and awareness. Please share this with your friends and colleagues to help spread the word and keep everyone safe.
Dream Technology Solutions