In the article, How to Become A Pro At Spotting a Phishing Email, we gave you a step by step breakdown of a phishing email, or a business email compromise that targeted IT Support RI staff. As a refresher, the email sender spoofed Paul’s email address and tried to impersonate Paul in order to trick the staff into completing a task.

While business email compromise is increasing in popularity, the most common type of phishing emails appears to be from a well-known business. These emails impersonate a legitimate company and attempt to steal personal data, login credentials, or credit card information. Below you’ll find an example of a phishing email that appears to be from Apple.

Take A Closer Look

This email sender claims to be from Apple Support and has the subject line “Apple ID Locked.” The email also contains the Apple logo and looks like a legitimate email. The email is clear, concise, and resembles something you could receive from Apple. 

As with all phishing emails, examine everything in the email to see if anything seems strange.

Phish Tip #1: Always examine the greeting of an email. Here, the salutation says, “Dear Customer.” While you might not think twice about it, a generic greeting can be a warning sign. If you’re a customer, most companies will use your first name.

The generic greeting could be an indicator that a phisher is mass-emailing this exact same email to countless victims.

How Do You Feel?

Does this email make you nervous and get your heart pumping?

Do you suddenly feel panicked or threatened?

Do you feel like you need to click on the links immediately?

After all, you don’t want to risk losing your Apple ID account, do you?

Before impulsively clicking or acting on your feelings, try to use logic to work through the email and calm yourself down.

 Phish Tip #2: Phishers want to create a sense of panic in their victims. If you think your account is in danger, you’ll be more likely to enter your credentials and fall for their tricks!

If you think about it, isn’t is strange that Apple would automatically change your password without your consent? Doesn’t it seem a bit excessive to give you a 24-hour deadline to unlock your account?

When the intended target received this email, she panicked for a few minutes. Once the initial panic resided, the recipient realized one big flaw; this email was sent to a Yahoo email address that isn’t affiliated with her Apple ID account. The phisher almost succeeded, and happened to get lucky that their target has an iPhone and Apple ID.

Phish Tip #3: Always check the email header to confirm if the sender is who they claim to be. If you’re viewing a suspicious email on a mobile device, you can click or tap on the email’s sender. Clicking on the sender name, or in this case the “Apple Support” or AS icon, will reveal the sender’s actual email address.

After clicking on the sender, we can clearly see that this email address is not from Apple Support like it appeared. Instead, this is a scammer who is trying to steal your Apple ID login credentials!

If you’re too nervous to click on anything in the email, including the sender’s “From:” address, try to view it on a computer.

Open the Email in a Browser

While phones are handy, they’re not the best if you want to investigate a phishing email. If possible, open the email in an internet browser on a computer. Opening the email on a computer allows you to safely check out the links to check if the email is authentic or not.

Phish Tip #4: Just like when you’re on a mobile device, you can click the sender name to reveal the email address.

On the computer, the sender’s true email address is revealed and confirmed that the email is not from Apple!

Hover, Don’t Click

Opening the email on a computer helps determine if the links in go to the correct websites. For example, the website link says it goes to “iforgot.apple.com,” but where does the link actually take you? Phishers can easily disguise a link and make it appear to go to a genuine website.

Phish Tip #5: Always hover your mouse over a website link before clicking on it.

If you have the slightest suspicion that you received a phishing email, do not click on any links. If you’re not sure about the validity of a link, you can use your mouse to hover over the website. To do this, place your arrow cursor over the link, but don’t click it . On the bottom, left hand corner of your browser window (above your computer’s task bar), you can check where the URL directs you.

After hovering the mouse over the “Unlock Account >” and the “iforgot.apple.com” and website link, you can see that the hyperlink does not lead you to an Apple website.

Phishers are constantly working to improve their techniques to trick you into sharing your information. Some phishing emails are much more difficult to spot compared to others however, the basic warning signs are always present. Even if the email doesn’t seem like an obvious phishing attack, you should always closely examine everything in the email—especially if it mentions your account status, payment information, or encourages you to click on website links.

Most company emails will not,

  • Include attachments, or ask you to open an attachment.
  • Say your account is or will be disabled, locked, or deactivated.
  • Ask you to update your account details.
  • Say you need to confirm your account.
  • Include generic greeting (like Dear Customer, Hello, etc).
  • Include bad grammar or spelling
  • Ask for personal or sensitive information like a password, credit card numbers, credit card CCV codes, social security numbers, etc; by email
  • Contain links, shortened URLs, and URLs that don’t match the website’s true address.

Apple recommends that if you receive an email asking you to update your account or payment information, only do so in Settings directly on your iPhone, iPad, or iPod touch; in iTunes or the App Store on your Mac; or in iTunes on a PC.

If you received a suspicious email, you can also forward it to reportphishing@apple.com.