Alphabet trick helps fake Apple email evade detection

Posted by Jaclyn McRae on 17 February 2017 09:30:17 AEDT

A new Apple phishing scam tries to trick people into handing over their log-in information using a font-substitution tactic designed to avoid virus software detection.

Hiding behind the unsophisticated phishing email is a convincing replica of Apple’s real log-in page.

The criminals behind the scam hope victims will type in their Apple ID and password – paving the way for them to make illegal purchases from iTunes, access private content uploaded to iCloud, and even wipe devices.

The email appears to be sent by ‘AppleSupport’. But it was actually distributed from a new domain registered just last month – likely for the purpose of sending spam.

It tells the recipient Apple is updating all accounts in its database, but had a problem with their account. 

Alphabet trick helps fake Apple email evade detection MailGuard2.jpg

It urges them to click a link to verify their account setting, bringing up the fake Apple Store sign-in page.

Alphabet trick helps fake Apple email evade detection MailGuard3.jpg

The page is a good replica of the original, complete with responsive design to resize the page for smaller screens, such as phones.

To evade antivirus software, those who designed the email substitute some letters with similar letters taken from a different character set.  

By using Greek alphabet characters ρ, υ and ω in place of p, u and w, the email is more likely to pass by content filters set up to block common phrases used by scammers such as “we will suspend your online access” and other instructions using the words “account verification”.

Apple’s website offers solid advice about account security, including having strong passwords that include numbers and punctuation, so isn’t easy to guess. Apple also suggests selecting difficult security questions, and using two-factor authentication.

About phishing
Put simply, phishing is the practice of sending email to users with the purpose of tricking them into clicking on a link or revealing personal information.
Phishing emails are sent to a wide group of people without targeting anyone. It’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out, some will take the bait.
Interested to know more about the various types of phishing? See: Email scam tactics explained: What are phishing, spear phishing and whaling?
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Want to hear more from MailGuard? Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Apple Email Scam Cybersecurity cybercrime Apple ID locked punycode homograph unicode

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all