Apple ID account holders targetted

Anyone who has an iTunes account and therefore an Apple ID could be subject to a phishing email that is currently doing the rounds.

The Stay Smart Online Alert Service is reporting that

Apple ID account holders need to be cautious of a sophisticated phishing camping targeting your Apple ID, personal information and credit card details.

The phishing email looks official and currently includes the subject line “Update your Apple ID account”. Other known subject lines include: “Please update your Apple ID”, “Please verify the email address accociated [sic] with your Apple ID”, and “Your Apple ID has been Disabled for Security Reasons”. Similar versions could also reference iTunes.

The email includes a link which, when clicked, takes you to a fake, but realistic looking Apple website asking you to sign in to your account.

The Stay Smart Alert includes images of the fake emails to help users identify them. Read the whole newsletter here.

Most people unable to detect email phishing attacks: study

The Sydney Morning Herald recently reported that many recipients of rogue emails – or phishing attacks – were unable to detect that emails were fraudulent. Phishing is defined by Wikipedia as

act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.[1][2] Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

A study carried out by North Carolina State University discovered that 92.5% of participants failed to detect fraudulent emails.

The findings are alarming given the growing personalisation of phishing attacks, in which scammers try to lure personal and proprietary information out of victims by posing as entities such as banks, airlines, stores and government agencies.

 

If you are unsure whether an email is legitimate or not, first check the email address the message was sent from and do not click on any links.

Read more the whole article here.

How to know if an email is real

Google has developed a one minute video to show how to identify fake emails from real ones. Often we can tell by ourselves; it’s usually unlikely that we’ve won several million British pounds in a lottery we never entered. But as some phishers are getting more audacious, this video might help you spot the fakes.