Essential activities like banking, shopping and sending emails can all be achieved from the palm of our hands through a device that fits snugly in a trouser pocket. But with all that power comes an increased level of responsibility to protect ourselves and the people we communicate with online. Malicious groups that have previously attempted to target Apple ID holders through official looking phishing scams are at it again with a new “account validation” scam.
This latest attempt to manipulate unwitting individuals into parting with their secure information is spreading across the Internet via email, and has been brought to our attention by a dedicated Redmond Pie reader. The mail shows as being sent from the “firstname.lastname@example.org” email address, and although it is clearly a non-official domain, the likelihood is that it’s close enough to the official Apple domain to confuse the less security conscious out there. This particular campaign of malice adopts the guise of trying to dupe the receiving party into believing that their Apple account has failed an internal validation check:
We recently failed to validate your account information we hold on record for you, therefore we need to ask you to complete a brief validation process in order to verify your account.
After attempting to gain the trust of the receiver by focusing on their need for account security the email then provides a link to an external site that asks for the username and password of the user’s Apple account.
Apple has been known in the past to speak out about phishing scams that attempt to benefit from using the Cupertino company’s name to gain the trust of the receiver. In an effort to warn, educate and minimize the impact to Apple account holders the company published an “identifying fraudulent ‘phishing’ email” knowledge base article – which can be read in its entirety here – that provides some excellent points on what to look out for if there is a concern over the mail’s legitimacy.
If you happen to be one of the unfortunate individuals to receive this latest scam mail then the advice is clear: do not visit any of the links in the mail. Do not provide any account or personal details and block the incoming address where possible.
Stay safe out there people.
Thanks, Book for the hat tip!