dcsi news

Jul 12, 2017

iCloud Phishing Scam

Don't be taken in by scammers

Oxford Dictionary defines "phishing" as: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Recently some of our customers have forwarded emails to us that are part of an iCloud phishing scam.

One version we've seen is posing as an email from Apple and has the subject line "Your Apple ID was used to sign in to iCloud via a web browser" warns that someone recently reset your password and requests that you log in to secure your account. Another with the subject line " iCloud information" appears to be a receipt for an unauthorised purchase on your account. Other variations undoubtably exist.

The links provided do not go to Apple's site, but to a site controlled by the scammer. If you enter your iCloud usename and password, the scammer will then be able to use these details to breach your account. It's also possible that malicious software could be installed on your computer.

Apple provide some advice on their website for recognising phishing emails including:
* Check if the sender's email address matches the company they're claiming to be from.
* Check if the address they've contacted you on is the same one you provided to the company.
* Is the greeting generic, like "Dear Customer", or does it address you by name? Companies that you have signed up with will usually address you by your name.
* Links in the email go to sites that aren't associated with the company. Hover over the link and check the status bar at the bottom of the screen to see if the link destination matches what appears in the email.
* Check if the message looks dissimilar to genuine messages you've received from the company in the past.
* Be suspicious if the email requests personal information, such as your password or credit card details
* Also be wary if you receive an unsolicited email with an attachment.

Apple provide a contact email address for reporting iCloud phishing attempts. Forward the suspicious mail to: reportphishing@apple.com

We advise that you delete the email without clicking any links or opening any attachements.

If you receive an email you're unsure of, please give us a call on 1300 66 55 75 for advice.

For more information on internet scams and security see:
https://support.apple.com/en-au/HT204759
https://www.dcsi.net.au/news/39/simple-internet-security-measures