« Worthless Rewards Spam Piling Up | Main | Fake Adobe Creative Cloud Invoice »

October 09, 2014

Arriving today is a variation of the Apple Two-Factor ID phishing scam I wrote about recently. Claiming to be From: Apple Support with the Subject: iTunes Sign-in Alert!, this one builds on actual wording that Apple uses in a variety of ways (not always email) to the fact that you are using a previously unauthorized device to access your iTunes account. With millions of Apple customers upgrading to iPhone 6-generation devices, those who had previously signed up for two-factor account safety have seen these kinds of alerts, so they may not seem so frightening—more frustrating actually, because they've already registered their new phones. Such users can easily chalk up the email to Apple's systems getting confused and having to re-do their registration.

Crooks know this, and try to trick anyone with an iTunes account into handing over their iTunes login credentials (frequently linked to a credit card and much other personal information). Today's email begins "Your account was accessed from a device we did not recognize." And note how they try to emulate the look and feel of a genuine Apple communication:

If you know to roll the mouse over one of the active links (or press and hold the link if you're on an iPhone/iPad device), you'll soon see that the link goes to a domain other than apple.com. More importantly, if the email message has unnerved you enough to make you worry about your account, log into your account as usual (via the iTunes app), and not through links in email messages. You will quickly see that everything is normal.