i got this email afternoon. It was one of the best scrapes i’ve seen. Looks exactly like a real email from that might come from Apple. The giveaway was the email address it was sent to is a junk address, not my iTunes email.. but i’ll bite and see where it leads.
The site it was directed to was even better than the email. Safari didn’t even blink when the fake site appeared.
The url was obviously not an apple url though,
http://apple.com.us.login-webappsaccount.verification.login-webapps.update.profile.jmg3vsxpo526ndjk0w8baqhpitz0ggersizbhwlioybyso71eqjedis.a13c0db1f8e26366324934b92a630e40b7fef61ab7e9fe.resolution.center.anmar-alja.fredgivens.cdcomputing.us/account-apple%20verifecation.profile/
they tried to make it look like apple.com from the hostname but the actually domain name is from cdcomputing.us
Here is another email i got but they didn’t try hard to try and make this one look real.
So what should you look for when getting these messages. Are they addressed directly to you? Apple will have some personal information in actual emails from them letting you know that it’s not just a mass email. Also check the url’s they are coming from. Check that they are digitally signed. Sometimes browsers will report back to you if someone’s repotted the site as phishing.
If you receive a link to a phishing site, you can report the site using these strategies.
Internet Explorer
.jpg "Report phishing site in IE")
Mozilla Firefox
.jpg "Report phishing site in Firefox")
Google Chrome or Safari
To report a phishing website from Google Chrome or Safari, please visithttp://www.google.com/safebrowsing/report_phish
.jpg "Report phishing site in Google Chrome")