It hasn’t been 2019 for very long. And yet, we’re already starting to see the first of many phishing scams to come this year.
Some scammers apparently attempted to ring in the new year with a new phishing attempt. The bogus email, as first spotted by AppleWorld’s Steven Sande, was sent out to various iCloud users at 12:01 a.m. Eastern Time on Jan. 1, 2019.
Luckily, the email (sent by “Apple Report”) wasn’t a very sophisticated phishing scam.
For one, the email subject literally read “Your Account has beens temporality (locked) for security reason!.”
We’re going to assume that the scammer just spelled “temporarily” wrong and is not talking about the linear progression of time. The email’s body was similarly laden with typos.
But if someone was fooled by the email, they might tap on that iforgot.apple.com link, which actually leads to a webpage hosted on Blogspot.
While this attempt was pretty sloppy, much more sophisticated phishing scams do exist. One particularly devious example, pointed out last year by Wired, used extremely convincing receipt mockups and landing pages to get users to type their Apple ID and password on fraudulent sites.
Because of that, vigilance is still warranted.
How to Avoid Getting Phished
Scams like the ones mentioned above attempt to “phish” users by leveraging social engineering techniques to get them to hand over their account credentials.
But there are a few surefire ways to spot scam emails and phishing attempts Here are some tips to keep in mind.
- Check the email address. Emails sent from Apple will always use an address tied to a legitimate Apple domain — no exceptions.
- Look for bad grammar. While some phishing attempts will be highly sophisticated, most will be riddled with typos and grammatical errors.
- Look at the content. Generally, Apple doesn’t send unsolicited emails to customers. In other words, if you aren’t expecting an email from Apple, you probably aren’t going to get one.
- Make sure they address you by name. Apple will never refer to you by your email address, only by the name you have connected to your Apple ID.
- Keep an eye out for sketchiness. Anything from weirdly pixelated profile images to domain links that are just off. If there’s even a hint of doubt about an “Apple” email’s authenticity, delete it.
In addition to deleting it, it’s also worth reporting the fraudulent email and its sender to reportphishing@apple.com