A plethora of Apple-focused websites and iOS users are complaining about receiving a phishing scam email in their mailboxes. We don't usually "alert" our readers about emails that look like phishing, but we have to this time, considering this one has almost all the looks and contents of an official Apple mail.
Phishing attacks are the norm in the Internet world; the motive is getting your ID, passwords, credit card details and other such sensitive details. This is traditionally achieved by sending devious emails to tons of users from a seemingly trusted source. Even if a small fraction of recipients respond to such mails, the job is done! If you use the same ID for multiple accounts, things are more serious, time-sensitive and critical for you.
Apple ID phishing scam:
This latest Apple ID phishing scam is actually doing a good job (well done, phishers!) as it mimics an official Apple ID mail and does that fairly properly. The email header “You Apple ID has been disabled for security reasons!” does alert a user to act quickly on the contents of the email. Here is what this latest Apple ID phishing scam email looks like:
While the email does try to look official, it has its own flaws. First, it only says "Dear" and not "Dear Rafia". Second, what does the word "Penglist" even mean? We do expect properly written emails from Apple, one of the biggest tech firms in the world. Third, Apple doesn't alert you for signing in from a different IP address. Ever got an email alerting you when you tried to log in from your mobile, iPad, or a Mac? It doesn't do that.
How to report Apple ID phishing scam:
To report this and any other sort of Apple ID phishing scam, forward the scam mail that you received to email@example.com. You will get an automated response, which essentially means your report has been registered.
Also, remember that Apple never asks you to go to some website from an embedded link in an email. According to TUAW, placing a cursor over the link shows a third-party website with a top-level domain that was responsible for about 21.5 percent of all the phishing attacks in 2010. Now we get how that email looked that professional!
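Two of the tells described above, the bare "Dear" greeting and the link whose real destination is a third-party website, can be checked mechanically instead of by hovering. The following Python is an added example, not part of the original article or any Apple tooling; the `TRUSTED` list, the function names and the sample mail body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("apple.com",)  # assumption: domains the reader accepts as Apple's own

class _Collector(HTMLParser):  # gathers visible text and (anchor text, href) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self._href = None

def _is_trusted(host):
    # Suffix match on the domain; a substring test would accept lookalike hosts.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_tells(html_body):
    """Return the tells found in one HTML mail body, as short strings."""
    c = _Collector()
    c.feed(html_body)
    c.close()
    findings = []
    # Tell 1: salutation with no recipient name ("Dear," not "Dear Rafia,").
    if re.search(r"\bDear[ \t]*([,:!.]|$)", "\n".join(c.text), re.M):
        findings.append("generic greeting")
    # Tell 2: the real destination (href) is not an Apple host, whatever text is shown.
    for label, href in c.links:
        host = urlsplit(href).hostname
        if host and not _is_trusted(host):
            findings.append(f"link '{label}' goes to {host}")
    return findings

# Constructed sample body, not the real scam mail; example.net is a placeholder host.
SAMPLE = """<p>Dear,</p><p>Your Apple ID has been disabled for security reasons!</p>
<p><a href="http://appleid.apple.com.example.net/verify">https://appleid.apple.com</a></p>
<p>Help: <a href="https://support.apple.com/">Apple Support</a></p>"""
```

Calling `phishing_tells(SAMPLE)` reports the generic greeting and the one link whose displayed text and real host disagree, while the genuine `support.apple.com` link passes.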