Sophisticated Phishing for Apple IDs?

This afternoon I received the email below from “Apple.” It said my Apple ID had been suspended because of some change made to contact details. I made no such change but considered that one of my kids might have done something to trigger this.

The subject line “DNR” and the logo in the upper right triggered my suspicion — together with the grammatical error in the second sentence: “To Recovery your account . . .”

apple phishing

Otherwise it looks very legitimate. If you click on FAQs it takes you to an Apple-hosted page. If you click “verify now” it takes you to the page below. It looks very authentic.

All the horizontal links above the page go to other pages within the Apple site.

Apple ID page

But this is the URL for the page above:Screen Shot 2014-02-13 at 5.13.45 PM

The domain “.tk” is for┬áTokelau, which is part of New Zealand. But for the subject line and minor error in the email, I might not have noticed the URL. I also downloaded a couple of apps (just to be sure) to test whether my ID had in fact been suspended and there was no problem or interruption.

This is a very sophisticated phishing effort and someone too casual or trusting would likely be ensnared by it. To what end? I suppose some sort of credit card fraud.

I haven’t seen anything like this involving Apple before, although many of the “PayPal” emails I receive are clearly phishing efforts. In fact I’ve become so jaded that I almost never pay attention to PayPal email at all — figuring it’s all going to be phishing.

Has anyone else received this Apple email?

Leave a Reply