I don’t want to use the same article title for this post as the one Krebs on Security used for its recent post about phishing campaigns aimed at Apple users. I’m not saying that Apple is sending out these emails at all, but I am saying that Apple is now the brand being targeted by such emails lately.
According to the article Phishing for Apples, Bobbing for Links, Apple’s own web site is now being used by these phishing sites.
I don’t remember if I reported that Michael in Indiana, someone who has published some audio for the podcast as of late, sent me a very interesting email and asked me to look at it. The email in question was definitely a phish, but the link went to Apple’s web site through a very different link. I went to both pages, looking at the URLs very carefully.
KrebsOnSecurity heard from a reader in South Africa who recently received a text message stating his lost iPhone X had been found. The message addressed him by name and said he could view the location of his wayward device by visiting the link https://maps-icloud[.]com — which is most definitely not a legitimate Apple or iCloud link and is one of countless spoofing Apple’s “Find My” service for locating lost Apple devices. While maps-icloud[.]com is not a particularly convincing phishing domain, a review of the Russian server where that domain is hosted reveals a slew of far more persuasive links spoofing Apple’s brand. Almost all of these include encryption certificates (start with “https://”) and begin with the subdomains “apple.” or “icloud.” followed by a domain name starting with “com-“.
This is just one excerpt from the article. The post uses brackets to keep the links from being clickable, and I think they’re worth sharing.
- apple.com-support[.]id
- apple.com-findlocation[.]id
- apple.com-isupport[.]in
- icloud.com-site-log[.]in
- apple.com-sign[.]in
Since people new to the Internet come to this blog to learn, it is worth repeating what the article mentions: savvy readers already know this and normally either check where a link really goes before clicking, or don’t bother clicking at all.
The problem we as blind people have is that these emails just say “verify your account” as the link text, and we don’t have an easy way of verifying where the link goes. To make matters worse, Safari, to my knowledge, will only show apple.com when we double tap on the link to see where we’re going. This makes it quite hard for us to really verify these links, so I ought to say: check the address. In Michael’s case, the address the email was sent from was completely different from any that Apple would use. Also, keep in mind that not all phishing emails will be alike. They may still come riddled with mistakes, with nonsensical changes to letters in certain words to evade detection, and other tells that I may not cover here.
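The following Python is an added example, not code from the original post or from the Krebs article. It pulls the host out of a link and reports the domain its owner actually controls, which for every spoofing host listed above is something other than apple.com or icloud.com. The sample links are the hosts from the list with the brackets removed plus one genuine icloud.com link; the two-label domain rule and the allow-list of legitimate Apple domains are assumptions for the example.

```python
from urllib.parse import urlsplit

# Domains Apple really uses for the services these lures imitate.
# Assumed allow-list for the example; extend it as needed.
LEGITIMATE_DOMAINS = {"apple.com", "icloud.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name, e.g. 'com-support.id'.

    A simple two-label rule is assumed here; a production checker would
    consult the Public Suffix List so suffixes like 'co.uk' are handled.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> dict:
    """Describe where a link really points, regardless of how it looks."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    # The trick: the host may START with "apple." or "icloud." while the
    # owner-controlled domain is something else entirely.
    looks_like_apple = host.startswith(("apple.", "icloud."))
    return {
        "host": host,
        "registrable_domain": domain,
        "is_legitimate": domain in LEGITIMATE_DOMAINS,
        "looks_like_apple": looks_like_apple,
        "uses_https": parts.scheme == "https",
    }


# Constructed sample links: spoofing hosts from the list above with the
# defanging brackets removed, plus one real iCloud page for contrast.
SAMPLE_LINKS = [
    "https://apple.com-support.id/verify?acct=user",
    "https://icloud.com-site-log.in/login",
    "https://maps-icloud.com/find",
    "https://www.icloud.com/find",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        info = classify_link(link)
        verdict = "OK" if info["is_legitimate"] else "SUSPECT"
        print(f"{verdict:8} {info['host']:28} -> {info['registrable_domain']}")
```

The "looks_like_apple" flag combined with "is_legitimate" being false is exactly the pattern the article describes, and is a reasonable rule for a mail filter or a screen-reader-friendly link checker.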
Of course, any domain can be used as a redirect to any other domain. Case in point: Targets of the phishing domains above who are undecided on whether the link refers to a legitimate Apple site might seek to load the base domain into a Web browser (minus the customization in the remainder of the link after the first forward slash). To assuage such concerns, the phishers in this case will forward anyone visiting those base domains to Apple’s legitimate iCloud login page (icloud.com).
The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.
This is sound advice, but sometimes the curious get curious. I would say to check the address. In Mail, find the name where it says From and look carefully at the address. You can see where it goes without adding it to your contacts. When done, double tap Done.
Since a lot of people now have iPhones and/or Android devices and not necessarily a computer, this may be the only way for us to stay safe. Thanks, Brian, for giving us yet another very interesting article to talk about, and for presenting a different aspect of this phishing problem.
Have any other advice to share? Please leave your comments here, and we’ll be in touch. Thanks so much for reading!