Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Faux Intuit Malware Lure | Main | Bogus Facebook Friend Requests »

April 03, 2012

Apple ID Password Message

If you receive a message like the following, do not click any links in the message:

Fake Apple ID reset message

The Subject: line of this message, "Your Apple ID password has been reset", is like the one that Apple sends out when you really change your password. But when this message arrives when you haven't changed your password, you might think that someone has gotten into your account and ripped off your Apple ID (and is now buying up the iTunes and Apple Stores on your credit card).

Although the above message is credible-looking (unless you dig into the message headers, which immediately reveal its origin not from Apple), each link is to a different hijacked web site where malware loaders are standing by to take over your machine.

Due to recent revelations of Java-based silent takeovers that can affect Mac OS machines (without requiring the user to enter any system passwords), it's best to avoid even coming close to a page that could grab your computer with a simple visit. Rolling the cursor over the links in the above message shows that the links are not to Apple — one simple way to check out the veracity of this and similar messages.

If you receive a message like this from any (apparent) source that has one of your passwords, visit the site from a previously-saved bookmark. If there is a problem with your password (a possibility approaching zero), you'll find out there.

Posted on April 03, 2012 at 10:14 AM