Hey, if you are like me, you are ordering your presents online. When you do that, you get a lot of emails back updating you on the status of your orders. Since it is Christmas, you are anxious about your orders, so naturally you are checking on them quickly. And that’s why you need to be careful.
Last night I got an email from Target asking me to check out the status of my order by clicking the link. This was fishy (phishy?) to me, because I didn’t order anything from Target. I checked the links in the email and sure enough: they did not go back to the Target web site.
And it’s not just merchants. I also got one from PayPal warning me of someone breaking into my account and asking me to press a button which wasn’t linked to PayPal.
In short, check your confirmation emails carefully before you click on anything. Otherwise your Christmas could be an unhappy one.
Sorry, yes, there is a new form of fraud coming to get you. It’s called “smishing”. What is it?
“Smishing” scams (the word combines SMS, the technical format for texting, and phishing) have become increasingly common. Fraudsters often create realistic-looking texts from seemingly reputable sources, such as FedEx or Amazon, which are then used to extract personal information: passwords, Social Security numbers, bank account or credit card numbers.
So, yeah, be careful about responding to texts from people you don’t know, and especially from organizations that may or may not be the real deal. For more on this, see: FedEx didn’t send that text about a package. It’s a scam. – The Washington Post
A simple way of determining if an email is a phishing attempt is to move your mouse over the link(s) in it to see if they match what is on your screen. For example, if you get an email from Apple that says:
Use this link https://applid.apple.com to verify your account
You might move your mouse over the URL and see that the link actually points to https://phishingRUs.com/ or some other site.
But what if the URL is a URL shortening site, like http://bit.ly or http://dlvr.it/?
My advice: assume it is a phishing attack. It could be the real company, but most large organizations will not do this. (And if they do, they need to at least be explicit about it in the URL.)
My general advice: if you are not sure or uncomfortable, assume it is spam or phishing and delete it.
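The hover check and the shortener rule above can also be run over a message's HTML body. This is an added example, not code from the original post: the function names, the `claimed` parameter (the domain the sender says it is) and the sample body are assumptions, built from the hosts mentioned in the posts here.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
SHORTENERS = {"bit.ly", "dlvr.it"}  # the two shorteners named in the text

def host_of(text):
    """Hostname of a URL-looking string, lowercased; None for plain button text."""
    text = text.strip()
    if "://" not in text:
        if " " in text or "." not in text:   # e.g. "Track order"
            return None
        text = "http://" + text              # bare "www.example.com/path"
    return (urlparse(text).hostname or "").lower() or None

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(shown_text, href, claimed):
    """Verdict for one link, given the domain the sender claims to be."""
    shown, actual = host_of(shown_text), host_of(href)
    if actual in SHORTENERS:
        return "shortener"     # destination hidden: assume phishing
    if shown and shown != actual:
        return "mismatch"      # text shows one host, link goes to another
    if actual == claimed or (actual or "").endswith("." + claimed):
        return "ok"            # exact domain or a true subdomain of it
    return "off-domain"        # does not lead back to the claimed sender

def audit(html_body, claimed):  # -> [(visible text, href, verdict)]
    collector = LinkCollector()
    collector.feed(html_body)
    return [(t, h, classify(t, h, claimed)) for t, h in collector.links]

# Constructed sample body; the bit.ly path and the apple.com path are made up.
SAMPLE = ('<a href="https://phishingRUs.com/">https://applid.apple.com</a>'
          '<a href="http://bit.ly/xyz">Track order</a>'
          '<a href="https://myioscare.uk/login">Validate My Apple/iCloud Account</a>'
          '<a href="https://www.apple.com/support">Apple Account Care</a>')
```

Calling `audit(SAMPLE, "apple.com")` returns the verdicts mismatch, shortener, off-domain and ok, in that order. The subdomain test compares against `"." + claimed`, so a host such as `apple.com.evil.example` is not accepted as Apple's.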
This phishing attack is really good. Other than text like “we regret to announce” and a misspelling of “Apple”, most of the phrasing is well done and it all looks very official. Of course they sent it to my wrong email address, so that was another sign it was a phishing email. Most of the links are valid, too, except one that points to myioscare.uk. So yeah, beware. Here’s the text of the email:
Apple ID – <my email address at work>, (19 – September – 2014)
This notice is to therefore to inform you we regret to announce you that your Apple/iCloud Account (<my email address at work>) has been temporarily frozen until we can verify your iCloud Account details. This security measure to protect your Apple Account from unauthorized usage. We apologise for any inconvenience caused.
You will be unable to access Apple sync/backup or the iTunes/App Store & Apps Store until you update your Apple/iCloud Account details on file, we urge you to complete validation as soon as you can. Failure to update your account details within a 74 hours can result in deletion of your Apple/iCloud Account to protect our system.
How can I validate my Apple Account and restore my iCloud/Apple ID?
Just proceed to the highlighted link below to verify ownership of your Apple ID. Log-in in using your Appe/iCloud login and password, then read the instructions.
> Validate My Apple/iCloud Account
While using Apple products and apps, you’ll still sign in with your primary e-mail address as your Apple account.
If you have queries and want support, please visit the Apple Account Care site.
Case Validation Request: #UJ13HA41317-EU11