There I was, at my desk on Monday morning, preoccupied with getting everything done before the Christmas break, and doing about 3 things at once (or trying to). An email hit my inbox with the subject “your account information has been changed”. Because I regularly update all my passwords, I’m used to these kinds of emails arriving from different companies – sometimes to remind me that I’ve logged in on this or that device, or to tell me that my password has been changed, and to check that I am the person who actually changed it.
As I hadn’t updated any passwords for a couple of days, I was rather intrigued to see who had sent the email, and I immediately opened it. It was from Apple to say I’d added an email as a rescue email to my Apple ID.
Well that sounded wrong, so I clicked on the link to ‘Verify Now’ and was taken to a page that looked pretty legitimate.
I thought I should see what was actually going on, so I logged in to my Apple ID using my previous password. If I had been in any doubt, the fact that it accepted my out-of-date password made it very clear that this was a scam.
The site asked me to continue inputting my data. At the top of the pages are my name and address details. It’s also, for the first time, telling me that my account is suspended – always a hacker’s trick to get you worried and filling in information too quickly to think about what you’re actually doing.
Then the site starts to request credit card details and bank details …
And finally my date of birth so they can steal my identity, and a mobile number so that they can send me scam texts.
I know seven other people who received exactly the same email. And it’s just too easy to fall for, so any number of people could be waking up tomorrow with their identity stolen, and bank account and credit cards stripped of all money or credit.
With that in mind, here are some things to look out for in phishy (see what I did there) emails:
- Check the email address the email came from! If it looks wrong – it probably is!
- Hover your mouse over the links in the email to see where they take you. If this email had really been from Apple it would have gone to an https:// address, at apple.co.uk.
- Check for grammatical errors in the text of the letter
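
The first two checks in this list can also be run by a script. The one below is an added example, not part of the original post: it flags a sender or link that is not at apple.co.uk (the domain named above) and any link that is not https. It assumes a single-part HTML email, and the sample message and its example.net addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the real phishing email); example.net is a
# reserved documentation domain standing in for the scam site.
SAMPLE = """\
From: Apple <noreply@appleid-support.example.net>
Subject: your account information has been changed
Content-Type: text/html; charset="utf-8"

<p>A rescue email was added to your Apple ID.</p>
<p><a href="http://verify.example.net/appleid">Verify Now</a></p>
<p><a href="https://www.apple.co.uk/support">Apple Support</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, expected):
    # Exact match or a true subdomain; "apple.co.uk.example.net" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected="apple.co.uk"):
    """Return a list of warnings for the sender and each link in the message."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], expected):
        warnings.append(f"sender {sender} is not at {expected}")
    # Assumption: single-part HTML body (no multipart handling here).
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme != "https":
            warnings.append(f"link {href} is not https")
        if not in_domain(url.hostname, expected):
            warnings.append(f"link {href} does not go to {expected}")
    return warnings
```

An empty list only means these two checks passed. A well-made scam can still pass them, so it does not prove the email is genuine.
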
Now if you do fall for an email as well executed as this (and if I’m completely honest, I’m shocked at how close to a real Apple email and website they looked), make sure you notify your bank and credit card companies immediately. Change all of your passwords as soon as possible, because if you use the same login combination for any other accounts, those could be targeted next.
Christmas has always been a time for giving. Now it’s become the prime time for taking.
Written by Charlotte Seymour, 22nd December 2016