Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 162 - September, 2013 (2nd Edition) - Page 3

'Apple Account Frozen' Phishing Scam

Issue 162 Start Menu

Previous Article            Next Article

Outline
Email claiming to be from Apple advises that the recipient's Apple account has been frozen and will remain frozen until the recipient opens an attached file and validates account information.

Frozen Account

© Depositphotos.com/ a2bb5s



Brief Analysis
The email is not from Apple. It is a criminal ruse designed to phish Apple account details and financial information from unsuspecting users.

Bookmark and Share
Example

Subject: Urgent_Case

Dear Client,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

This will help protect you in the future. The process does not take more than 3 minutes.

To proceed to confirm your account information please follow the instructions that will be required.

Please downloaded the attachment and open it in your browser.

Yours sincerely,

Frozen Apple Acount


Detailed Analysis


According to this email, which purports to be from Apple, the user's Apple account has been frozen temporarily in order to protect it. The message warns that, unless the user opens an attached file to validate account information, the account will remain frozen.

However, the user's account has not been frozen. In fact, it's not even cold.  In reality, the email is the work of criminals intent on robbing the user of his or her personal and financial data.

If our hapless user gets taken in by the trick and opens the attached file as instructed, a bogus Apple account login page will appear in his or her browser. Once "logged in" via the bogus page, the user will be taken to a second bogus form that asks for identifying information and credit card details.

After clicking "verify" on the second fake form, the user will be transported to the genuine Apple website and may remain blissfully unaware - at least for a little while - that his or her information is now in the hands of fraudsters.

Armed with the stolen data, the criminals can commit credit card fraud and identity theft.  They can also hijack the user's real Apple account and use it for their own nefarious purposes.

Apple, or other legitimate companies, will never ask customers to provide personal and financial information via an unsecure HTML form contained in an email attachment. Scammers are more often using fake forms sent via email attachments rather than links to bogus websites in an apparent attempt to bypass browser phishing warnings.

Like other high-profile companies such as PayPal and Amazon, Apple is regularly targeted in phishing scams.

It is always best to access your online accounts by entering the account address into your browse's address bar rather than by clicking a link. And NEVER enter usernames, passwords, or other sensitive data via a form contained in an attached file.

Bookmark and Share

Last updated: September 13, 2013
First published: September 13, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Paypal 'Strange IP from a Different Location' Phishing Scam
Amazon 'Important Message From Security Center' Phishing Scam
'Confirm Your Apple Account' Phishing Scam
Phishing Scams - Anti-Phishing Information



Previous Article            Next Article

Issue 162 Start Menu

Pages in this issue:
  1. Unlucky Frog LADEE Rocket Launch Photograph
  2. Reshipping Fraud - Parcel Mule Scams
  3. 'Apple Account Frozen' Phishing Scam
  4. Warnings Claim Facebook Is Deleting Pet Profiles
  5. CASE NOW SOLVED - Message Asks For Help to Identify Man Killed By Train in Melbourne
  6. HM Revenue & Customs Refund of Overpayments Phishing Scam
  7. 'Special Education Week' and 'Autism and ADHD Awareness Month' Messages
  8. Apple iPhone 5c Giveaway Like-Farming Scam
  9. Fake Companies House Emails Contain Malware
  10. Mysterious Carved Tree Hoax
  11. Land Registry Debit Notification Malware Emails
  12. Jennifer's Story - Dating and Money Laundering Scam
  13. Obama Muslim Stamp - USPS Muslim Holiday Stamp Release Protest Message
  14. Pickup Truck Bus Crash Texting Warning Message
  15. No, Facebook Is NOT Removing Veteran Amputee Images
  16. 'Email Account Pending Deactivation' Phishing Scam
  17. NatWest 'Bonus Reward' Phishing Scam
  18. No, Radiation from Fukushima has NOT Killed Hundreds of Whales
  19. Google Support 'Message Blocked' Pharmacy Spam Email
  20. Russian Sleep Experiment Story
  21. Carnival Cruise Free Vacation Packages Survey Scam
  22. Angelina Jolie is Not Dead - Fake Death Message Points to Rogue App and Survey Scam
  23. Bogus LinkedIn Invites Open Drug Store Spam Sites
  24. Kitten Giveaway Scam
  25. Miley Cyrus is NOT Dead - Miley Cyrus Suicide Facebook Scam
  26. Bogus Warning - 'Russian Booksellers Looking For Children'
  27. Dave and Angela Dawes Advance Fee Lottery Scams
  28. Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
  29. Dueling Banjos Hoax
  30. Football Star Joe Montana is NOT Dead
  31. 'I Am Meth' Poem