As an avid Komando.com reader, you know that phishing scams are nothing new. However, there is a relatively new trend with phishing emails that you really need to watch for: the level of sophistication with which some of these emails are constructed.
The days of horrible grammar and spelling seem to be long gone.
Now, crooks are crafting emails that look so real it’s difficult for even the experts to tell them apart. There’s one making the rounds right now that looks like it’s an official notification from Apple. But don’t fall for it or your account could be drained.
Know before you click: fake vs real iTunes emails
If you’ve ever made a purchase through iTunes, you know that Apple emails you a receipt following the purchase. It’s a way to keep an eye on your account and make sure there’s no funny business going on.
What’s happening now is that scammers are creating spoofed emails pretending to be from Apple. You don’t even have to be an Apple user to be targeted, so anyone who gets this email could fall for it. And the email is so realistic-looking that tons of people are falling for it.
It works like this: You receive what looks to be a receipt from Apple claiming that you’ve made a purchase, which of course you didn’t make. There is a link at the bottom of the message that you can click to see the full invoice and dispute the charge if you didn’t make the purchase.
That’s why this is such a successful scam. When you are charged for something that you didn’t buy, you’re obviously going to dispute the charge. Since the spoofed email looks so real, some people don’t think twice before clicking on the link. Bad idea!
This recently happened to a woman in Indiana. She told her frightening tale to the local news, hoping to bring awareness to the scam and keep others from falling for it.
Patricia Wells said she received an emailed receipt from Apple for a video game that she didn’t purchase. She clicked on the link to see the full invoice and it took her to a spoofed Apple site that asked for her credentials. But it didn’t stop there.
The fake site also asked for more personal information like her Social Security number. Fortunately, the bells went off inside her head telling her this wasn’t right. She immediately closed out of the spoofed site before handing her sensitive data over to criminals.
Sadly, not everyone figures it out before it’s too late. Many people have become victims of identity fraud from phishing scams just like this one. Don’t be the next to fall for it!
Here’s what a legitimate receipt from iTunes looks like. Note the sender is firstname.lastname@example.org
Things to watch for in a phishing attack
The most important rule to live by is to be cautious with links inside emails and texts. Do not follow web links or open attached files found in unsolicited email messages; they could be part of a phishing attack.
If you need to conduct business with any company, it’s always best to type the web address directly into your browser. That way you know you’re not landing on a spoofed site.
Another good idea is to use unique passwords on every website. Many people use the same password for multiple websites, which is a terrible mistake.
If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.
Also, make sure that you safeguard sensitive data. Too many unsuspecting people are mistakenly handing over sensitive information to scammers.
If you receive an unsolicited email, do not send payment or reply with personal information. You don’t want it to fall into the hands of criminals.
Plus, Apple says that if you receive a suspicious email, you should forward it to email@example.com. If you’re on a Mac, select the email and choose Forward As Attachment from the Message menu.
If you think you might have entered personal information like a password or credit card info on a scam website, immediately change your Apple ID password.