A vast phishing attack has broken out, beginning on or around Christmas day, with e-mails being sent with the subject “Apple update your Billing Information.” These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from “firstname.lastname@example.org.” Here’s what the content looks like:
If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you’ll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple’s own web pages.
So how do you know that this is a phishing e-mail? The first rule of thumb is to move your cursor over the link in the message and wait for a tooltip to pop up:
As you can see above, the URL that displays is not an apple.com address, but rather a numerical address (we’ve blurred the first part of the address). At the end of the address is a page called apple.htm, which could fool people, but that’s not what’s important. Always look at the part right after the http:// in the URL: if it’s not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it’s bogus.
We hope you’ll be careful if you’re new to Macs and Apple products. We work hard to keep Mac and Apple users safe from the many dangers of the Internet.