I received this, via email, from "apsupr87@confirm-activity.com"


Your Apple ID was used to sign in to iCloud website and make a payment via iTunes Store


New Device: iPhone 7 Plus
Date and Time: 23 May 2017, 06:51 GMT
Operating System iOS 10.3.1
Location: Valencia, Carabobo, Venezuela

Please, Download and read the attached You will find message & Invoice In Adobe Reader (PDF) format

Notice the syntax and odd use of commas, etc. Supposedly the account is locked and I am required to fill out a form to regain access to it. Firstly, I don't own a iPhone and secondly, instead of answering security questions, the form would have me type in my name, address, phone number and social security number!

Well, sorry, you're not fooling 'ol clubleaf quite that easily, go try that crap on someone else.

quote:

apsupr87@confirm-activity.com

There's the clue.

I'd have never known what was in it, because I'd have never opened it. Is it possible that's how you get got?

The thing is, if they send it out to 1 million people, they know that 999,999 will immediately ignore/delete it. But that one guy...

And it only has to work once to make it worthwhile.

Then rinse/repeat with another million people.

That's how you get got.

Anytime you get an email about an account that has been compromized or whatever, contact the agency via a known good method.

For example, you get an email "from your bank", pick up the phone and call, or open your browser and visit the bank's website and sign in that way.

Never, ever click on any links to the "bank" (or whatever agency), and do not open any attachments that purport to be the "remedy" etc.

People tend to become concerned and wish to act quickley if they believe they have been a victim of loss, and out of emotion, will often act before thinking through.

It is reactionary and re-enforced behavior in life, and that is used against you.

quote:

Originally posted by 12131:

quote:

apsupr87@confirm-activity.com

There's the clue.

Yeah, I'd say that is a rather large red flag.

Now, I do have an Apple product, an iPad Air 2, so it isn't odd that I would receive mail from Apple, however I have never set up a iCloud account, so it isn't as though my CC will get dinged. It is sort of unsettling to think of someone who might actually believe that email and blithely fill out the "form" with all their personal information. I guess that is why the "pidgeon drop" scams still work in this day and age.

A couple other ways to confirm legitimacy:

1. Learn how to read email headers. If, for example, the email claims to be from Apple, and the top-most "Received:" header isn't from a legitimate Apple domain (e.g.: "apple.com"), it's a pretty good bet it's bogus.

Unfortunately, not all email client apps support showing full headers. That's my main complaint about iOS' Mail app :/

2. Use "tagged" (aka: "plussed") email addresses. E.g.: If you're registering with Apple, use jdoe+appl@example.com instead of merely jdoe@example.com as your email address. That way, if you receive an email allegedly from Apple, and it wasn't sent to your Apple-tagged email address, you know there's a good chance it's bogus.

Most modern email systems support tagging. Gmail's does. So does iCloud.com. I don't know about Outlook.com. Best thing you can do is try it. And if you run across a site that prevents tagging because they don't allow "+" in an email address: Complain about it. It's legit, and very handy.

Another advantage to tagging email addresses: If you all-of-a-sudden start getting spammed on your jdoe+something email address, you know whomever you gave that address either sold it or was compromised.

Thanks for that tip, ensigmatic. I had never heard of tagging. I will start using it when dealing with online vendors and other contacts.

quote:

Originally posted by clubleaf206:

Please, Download and read the attached You will find message & Invoice In Adobe Reader (PDF) format

Notice the syntax and odd use of commas, etc. Supposedly the account is locked and I am required to fill out a form to regain access to it. Firstly, I don't own a iPhone and secondly, instead of answering security questions, the form would have me type in my name, address, phone number and social security number!

Well, sorry, you're not fooling 'ol clubleaf quite that easily, go try that crap on someone else.

Wait... you didn't download the file (PDF) did you?

Forward it to the Nigerian lottery lawyer!