# Phishing attempt masquerading as Apple



## Zenon (Nov 20, 2018)

Got an email telling me I purchased games. I checked the source. The email came from the UK and didn't have have the name Apple in it. Checked my Visa, Apple, iTunes, App store nothing ordered. I contacted Apple and they set up a screen share. As soon as the share went live the email disappeared. Sophisticated. Next time I'll use Adobe's fraud email and send it. They probably won't get it anyway.

Always check the source of any suspicious email.


----------



## Colin Grant (Nov 20, 2018)

I got one of those. Mail App sent it directly to junk, which was good to see.


----------



## Zenon (Nov 20, 2018)

I typically set up a rule with MacMail to automatically delete an unwanted email so I don't get it again. Sometimes they are persistent and don't delete when it ask it to apply now. For those I use my service providers mail website and set up as a spam. I never get them again. I have a long list of rules


----------



## PhilBurton (Dec 8, 2018)

Zenon said:


> Got an email telling me I purchased games. I checked the source. The email came from the UK and didn't have have the name Apple in it. Checked my Visa, Apple, iTunes, App store nothing ordered. I contacted Apple and they set up a screen share. As soon as the share went live the email disappeared. Sophisticated. Next time I'll use Adobe's fraud email and send it. They probably won't get it anyway.
> 
> Always check the source of any suspicious email.


And never, ever click on a link in an email until you first hover the mouse over the link.  What looks my www.mybank.com could be really www.reallybadhackerfromRussiaCriminalgang.com .  Better yet, use your browser to to the website directly.


----------



## Johan Elzenga (Dec 8, 2018)

Zenon said:


> As soon as the share went live the email disappeared. Sophisticated.


A little bit too sophisticated, if you ask me. The Apple guy probably deleted it, because I don’t think that self-deleting emails exist yet.


----------



## Zenon (Dec 9, 2018)

Maybe but it was instant. I didn't see Apple's cursor even


PhilBurton said:


> And never, ever click on a link in an email until you first hover the mouse over the link.  What looks my www.mybank.com could be really www.reallybadhackerfromRussiaCriminalgang.com .  Better yet, use your browser to to the website directly.



Yes I started doing that about 6 months ago. Before that as I stated if it looked suspicious I just set up a Rule to delete right away. Actually when you use Rules in MacMail it shows the real address.


----------



## Johan Elzenga (Dec 9, 2018)

Zenon said:


> Maybe but it was instant. I didn't see Apple's cursor even


If it was an Apple email address (like ‘[email protected]’) then they may have deleted it on the server side. Because this is IMAP, that will delete it from your mail app too.


----------



## LouieSherwin (Dec 9, 2018)

In Apple Mail preferences there are a couple of settings that help keep you safer.

In the Viewing tab:

Uncheck "Load remote content in messages". Junk mailers will use links to detect a valid email address just by opening the message. With this unchecked you can open the message and non of the links are activated until you click the "Load Remote Content" button at the top. 

Second uncheck "Use Smart Address" option. This causes all the actual email address in the headers to be displayed not the faked name. For example you might see something like this: Apple <[email protected]> Clearly an attempt fool you. 

Apple is getting pretty good about detecting and sending most of these to my Junk mailbox. If I find one that didn't get detected I always send it to Junk as that will help Apple learn how to filter them. 

-louie


----------



## Zenon (Dec 9, 2018)

Thanks for the info.


----------



## Colin Grant (Dec 9, 2018)

Thanks Louie. Very useful stuff


----------



## Zenon (Dec 9, 2018)

LouieSherwin said:


> In Apple Mail preferences there are a couple of settings that help keep you safer.
> 
> In the Viewing tab:
> 
> ...



I’m on my iPhone and going through the settings. Not sure if you use Apple mobile devices but if you do any tips?

Thanks in advance


----------



## LouieSherwin (Dec 10, 2018)

In Settings->Mail there is an option "Load Remote Images" turn that off.

Unfortunately you cannot turn off Smart Address" but you can examine actual address by opening the message and then tapping on the formatted address in the From field that you want to examine and Mail will open a new view that shows all the known detail for the selected address. If it is in your Address book it will show the Address book entry. If it is not it will just show the underlying real email address with some possible options to add or share the information.

-louie


----------



## Zenon (Dec 10, 2018)

I just won't touch any suspicious emails until I get home. Thanks for the help louie.


----------



## MarkNicholas (Dec 10, 2018)

I have received many such emails purportedly from Apple. If the content doesn't give it away that its phishing then the senders email address definitely will.


----------



## Johan Elzenga (Dec 11, 2018)

MarkNicholas said:


> I have received many such emails purportedly from Apple. If the content doesn't give it away that its phishing then the senders email address definitely will.


A sender email address can easily be spoofed, so while a strange non-Apple address may give it away for sure, a seemingly correct address does not mean anything. What cannot be spoofed is the link they want you to click on. The real URL can be hidden from sight, but you can easily see check it.


----------



## MarkNicholas (Dec 11, 2018)

JohanElzenga said:


> A sender email address can easily be spoofed, so while a strange non-Apple address may give it away for sure, a seemingly correct address does not mean anything. What cannot be spoofed is the link they want you to click on. The real URL can be hidden from sight, but you can easily see check it.


Of the many such emails I have received non of the senders addresses looked anything like an apple address. If it is so easy to "spoof" a senders email address then it doesn't seem to make much sense that they didn't do so.


----------



## Johan Elzenga (Dec 11, 2018)

MarkNicholas said:


> Of the many such emails I have received non of the senders addresses looked anything like an apple address. If it is so easy to "spoof" a senders email address then it doesn't seem to make much sense that they didn't do so.


It is really easy. I can send you an email that seems to come from ‘[email protected]’. Spammers target the supidest part of the stupids however, so often they don’t even bother.


----------

