Last week we warned readers to be aware of potential Christmas scams, especially those involving Apple's products, as the company has become exceptionally popular in the past few years.
While the scam I mentioned in our previous warning was laughably
fake, apparently a number of Apple customers have found a new e-mail
scam circulating that gives the appearance of being quite genuine. The
e-mail appears well-formatted with proper grammar, and is styled with
shading and official-looking links, addresses, and copyright marks. The
message also claims to come from an official-looking e-mail address,
"appleid@id.apple.com."
Beyond the e-mail looking authentic, the links provided in it are for
a fake server that also appears to be authentic. If you click the Apple
Store link, the server you go to will ask you for an Apple ID and
password, and then display a page that requests you update your personal
information including your credit card.
According to Intego
this scam is apparently quite widespread, and is intended to target
people who have new Macs, iPhones, and other Apple products that might
have been purchased this Christmas season.
The best way to avoid any scam like this is to absolutely never click
a link in an e-mail message, even if you think the e-mail is
legitimate. Instead, go to the company Web site directly and use the
resources on its Web site to update your account or access the features
requested in the e-mail.
Beyond safe practices like this, you can also avoid scams by checking
the address for the pages they link to. While in this case the e-mail
message states that its link is for "http://store.apple.com," if you
hover your mouse over the link you will see the true URL appear. You can
also right-click the link and copy it to the clipboard, followed by
going to the Finder and checking the Clipboard contents in the "Edit"
menu to see the link.
If you have clicked the link, the very first thing you should do is
check the address. All official Web sites for companies, and especially
those that contain account information, will have a valid URL and will
not use a server IP address. In this case, the address for the server
contains an IP address (a series of 12 numbers grouped in threes and
separated by periods), followed by a folder containing an Apple-titled
HTML document.
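As an added example (not from the original article, and not Apple's or Intego's code), the following Python script applies the two checks described above to the links in an e-mail's HTML: it compares the visible link text with the real href, and flags links that use plain http or a bare IP address instead of a domain. The HTML snippet and the IP address in it are constructed (203.0.113.45 is a documentation address, not a real scam server).

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible text names Apple's store, but the href
# points at a bare IP address over plain http (hypothetical values).
SAMPLE_HTML = (
    '<p>Please confirm your details at '
    '<a href="http://203.0.113.45/apple/index.html">http://store.apple.com</a></p>'
)

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in the HTML."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_host(host):
    """True when the host part is a bare IPv4/IPv6 literal rather than a domain name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def link_warnings(href, text):
    """Return the red flags from the article that apply to one link (empty list if none)."""
    flags = []
    target = urlparse(href)
    if target.scheme != "https":
        flags.append("not https")
    if is_ip_host(target.hostname or ""):
        flags.append("bare IP address instead of a domain")
    # Only compare hosts when the visible text itself looks like a URL or domain.
    if re.fullmatch(r"(?:https?://)?[\w.-]+\.\w+(?:/\S*)?", text):
        shown = urlparse(text if "://" in text else "http://" + text)
        if shown.hostname != target.hostname:
            flags.append(f"text shows {shown.hostname} but link goes to {target.hostname}")
    return flags

def scan_html(html):
    """Map each href found in the HTML to its list of warnings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: link_warnings(href, text) for href, text in parser.links}
```

Run `scan_html(SAMPLE_HTML)` on the constructed message and all three warnings are raised for the single link; a genuine `https://store.apple.com/` link whose text reads `store.apple.com` produces none.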
For reference, here is a comparison of the login page provided by the
scammers (top), followed by the real login page that you will find if
you visit any Apple store online (bottom). Note the fake URL in the
page, the title that is not the same as the Apple store, and also note
the page is not verified. In this case it does not use the "https"
protocol and does not have a signed certificate, whereas the real Apple
page does (see the green text in the address bar for the valid Apple
page):
In addition to the login windows being different, the update forms
are also different. In the scam, after you enter your login information
(any random information will work), the page will present the following
update form. In a real Apple store, entering invalid login information will
result in an error. Additionally, the official Apple account page
(bottom) has separate pages for entering account information and
otherwise managing your account.