Have you received an email which purports to be from Apple, with the subject line “We have temporarily suspended use of this ID”? Chances are that it’s most likely a new phishing scam which aims to harvest your Apple ID credentials and credit card details.
The sender name of the email shows that it’s from Apple, however the email is actually coming from the address ‘support(at)academiapractica(dot)com’, which comes from a server at OVHcloud and is not associated with Apple.The email is entirely plain text, has no Apple branding, and does not greet or address the user. Instead, it begins by warning that the use of the ID has been suspended until activity is verified. The user is then instructed to click some hyperlinked text which reads “Review and verification of account activity” in order to continue using their ID. The fraudster has used a link shortening service to hide the true URL in an effort to make it harder to detect the scam.
Here's what the email looks like:
The user is then taken to a phishing site where they are prompted to enter their Apple ID and password. When they proceed with logging in, their credentials are harvested by the cybercriminal – but the scam doesn’t end there.
When the user proceeds to ‘log in’, they’re redirected a page titled “Payment Verification For Your Apple ID”. The page instructs the user to enter their credit card details and are threatened with the closure of their account if they exit the window.
Although care has been taken to use Apple branding and make the phishing pages look legitimate, you’ll notice in the screenshot below from the URL that the user is not on the authentic Apple website. Additionally, the buttons for ‘month’, ‘year’ and ‘continue’ are written in German which raises further red flags.
If the user provides their credit card details, they’re taken to an “SMS verification” page, where they’re directed to enter a code that’s sent to their mobile.
Brands like Apple are popular targets for impersonation by scammers, due to their enormous customer base and trusted name.
Apple advise their customers to:
And to report any suspicious emails that purport to be from Apple by forwarding them to: reportphishing@apple.com
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.