Macworld received a phishing email this morning claiming to be from the United Kingdom Apple Store and offering us a “Bonus Offer” for being long-term customers. In the wake of Flashback, we thought we should take this opportunity to outline Apple's advice for avoiding such schemes.
The email claimed that thanks to our “loyalty” we are “Eligible for buying an Apple Discount Card” for just 9 GBP. And with this 9 GBP card (perhaps they didn't have the £ sign on their keyboard) we will get 100 GBP credit at any United Kingdom Apple Store or at www.apple.com/uk.
Of course the link provided leads to a phishing site, which, as far as we can see, is disguised as a Spanish website regarding the Catholic church. Needless to say, we won’t be taking them up on their generous offer.
The email reads as follows:
United Kingdom Apple Store - Bonus Offer !
Dear Apple Customer,
Apple is rewarding its long- term customers. Your loyalty for our products made you eligible for buying an Apple Discount Card. With this only 9 GBP Discount Card you will have 100 GBP credit at any United Kingdom Apple Store or on www.apple.com/UK/.
To acquire your Apple Discount Card please click here (we've taken out the link for obvious reasons!)
( You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)
Copyright © 2012 Apple Inc. All rights reserved..
We have heard that Apple has already begun tightening security at the App Store and iTunes Store, with users being confronted with a “Security Info Required” prompt and asked to provide answers to their choice of three security questions. These measures are thought to be an attempt to avoid phishing attempts.
Apple’s advice about avoiding phishing emails is as follows: “As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email.”
Apple provides the following tips if you do receive email that you're not sure is valid:
Find out who the email is really from - To view the header in the mail, you can hover over the name of the sender and see where it really came from.
Be cautious of links in the email – Hover the mouse over the link and see where it is really pointing to.
Check that the website you're accessing is legitimate - Modern browsers display the company name in green if the site has been issued an Extended Validation (EV) Certificate and is a legitimate website/business. For example, you’ll see Apple Inc in green if you go to iCloud.com.
Note the email greeting - Phishing emails start with generic phrases like "Dear valued customer" or your email account name, such as "Dear snookums123."
The message arrived at a different email address than the one you gave the sender – in our case it came through to a generic Macworld email address.
Keep previous history in mind – look through valid correspondence from the company and compare
Never email account information or credit card information if you are in doubt
Never provide personal account information through email.
Be cautious of attachments
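The sender, link and greeting checks from the tips above can be automated. The following is an added example, not code from Apple or Macworld; the sample message is constructed, `phish.example` is a placeholder domain, and `check_message` and its finding names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the quoted email; phish.example is a placeholder.
SAMPLE = """\
From: "Apple Store" <offers@phish.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Apple Customer,</p>
<p>To acquire your card visit <a href="http://phish.example/card">www.apple.com/uk</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Lower-cased hostname of a URL, or of URL-like visible text."""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def check_message(raw, brand="apple", brand_domain="apple.com"):
    """Return warning signs: brand name on a foreign sender, link text != target, generic greeting."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if brand in name.lower() and sender != brand_domain and not sender.endswith("." + brand_domain):
        findings.append("sender-mismatch")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if re.fullmatch(r"\S+\.\S+", text) and host(text) != host(href):  # text looks like a URL
            findings.append("link-mismatch")
    if re.search(r"dear\s+(valued\s+)?(\w+\s+)?customer", body, re.I):
        findings.append("generic-greeting")
    return findings
```

The function handles single-part messages only; a multipart message would need each text part extracted before the link and greeting checks.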