HT4865: iCloud security and privacy overview

Learn about iCloud security and privacy overview
Linda Sands
Level 1 (1 points)

Q: how can i report a phishing email with an icloud address?

I got an email purporting to be from Apple requesting my email user name and password for my iCloud account.  The return address is an iCloud.com address.  Obviously, I know it was a phishing email, but is there some way to forward it to Apple so they can see if it actually did  originate from an iCloud address?

MacBook, Mac OS X (10.7.4)

Posted on Jun 4, 2013 9:45 PM

by gail from maine,Solvedanswer
gail from maine gail from maine
Level 7 (26,294 points)
iCloud
A:

Hi Linda,

 

Apple suggests that you:

 

What to do with suspicious iCloud emails

If you receive a suspicious email, select the message text so that it is highlighted. Choose Forward as Attachment from the Message menu (OS X Mail) or the Actions menu (Outlook). Send the email to abuse@me.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.

 

 

Hope this helps!

 

GB

Posted on Jun 4, 2013 9:52 PM

Close
Linda Sands

Q: how can i report a phishing email with an icloud address?

  • All replies
  • Helpful answers

  • by gail from maine,Solvedanswer

    gail from maine gail from maine Jun 4, 2013 9:52 PM in response to Linda Sands
    Level 7 (26,294 points)
    iCloud
    Jun 4, 2013 9:52 PM in response to Linda Sands

    Hi Linda,

     

    Apple suggests that you:

     

    What to do with suspicious iCloud emails

    If you receive a suspicious email, select the message text so that it is highlighted. Choose Forward as Attachment from the Message menu (OS X Mail) or the Actions menu (Outlook). Send the email to abuse@me.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.

     

     

    Hope this helps!

     

    GB

  • by Linda Sands,

    Linda Sands Linda Sands Jun 5, 2013 5:25 AM in response to gail from maine
    Level 1 (1 points)
    Jun 5, 2013 5:25 AM in response to gail from maine

    Thanks, Gail.  I did as Apple suggested.

  • by gail from maine,

    gail from maine gail from maine Jun 5, 2013 9:36 AM in response to Linda Sands
    Level 7 (26,294 points)
    iCloud
    Jun 5, 2013 9:36 AM in response to Linda Sands

    You are welcome Linda!

     

    Cheers,

     

    GB

  • by simsboynton,

    simsboynton simsboynton Jun 9, 2013 7:14 PM in response to gail from maine
    Level 1 (14 points)
    iPhone
    Jun 9, 2013 7:14 PM in response to gail from maine

    Hi Gail,

     

    I’m answering your question because I’ve received so many spoof/spam messages lately to my email address(es) at me.com. I decided to find out how to report them.

     

    Here’s what I found out:

    Suspicious email messages can be forwarded to one of the following;

      

    Make sure to include the long header.

    Long headers can be displayed using the menubar (see below)

    __email-long-header-navigation.jpg

     

     

    Then either copy & paste the long header or simply forward the entire message.

    Example of long header from a suspicious email:

    From:   Kikki Howard <noreply@hakahakajkfbczj.googlemoogl.tk>

      Subject:   Kiss to you

      Date:   June 9, 2013 4:21:21 PM PDT

      To:   xxxxx@me.com

      Return-Path:   <noreply@hakahakajkfbczj.googlemoogl.tk>

      Received:   from nk11p00mm-smtpin004.mac.com ([xx.xxx.xxx.xxx]) by ms04574.mac.com (Oracle Communications Messaging Server 7u4-26.01(7.0.4.26.0) 64bit (built Jul 13 2012)) with ESMTP id <0MO5001Y5FJL6NL0@ms04574.mac.com> for xxxxx@me.com; Sun, 09 Jun 2013 23:21:21 +0000 (GMT)

      Received:   from hakahakajkfbczj.googlemoogl.tk ([91.191.18.62]) by nk11p00mm-smtpin004.mac.com (Oracle Communications Messaging Server 7u4-27.05(7.0.4.27.4) 64bit (built Apr 23 2013)) with SMTP id <0MO50002UFJJV0G0@nk11p00mm-smtpin004.mac.com> for xxxxx@me.com (ORCPT xxxxx@me.com); Sun, 09 Jun 2013 23:21:21 +0000 (GMT)

      Received:   from nwk-txn-msbadger0204.apple.com (nwk-txn-msbadger0204.apple.com. [xx.xxx.x.xx]) by xx.xxx.x.xx with HTTP; Mon, 10 Jun 2013 01:21:21 +0200

      Original-Recipient:   rfc822;xxxxx@me.com

      X-Proofpoint-Virus-Version:   vendor=fsecure engine=2.50.10432:5.10.8626,1.0.431,0.0.0000 definitions=2013-06-09_07:2013-06-08,2013-06-09,1970-01-01 signatures=0

      X-Proofpoint-Spam-Details:   rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=14 phishscore=0 bulkscore=53 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1305010000 definitions=main-1306090279

      Dkim-Signature:   v=1; a=rsa-sha256; c=simple/simple; d=hakahakajkfbczj.googlemoogl.tk; s=hakahakajkfbczj; h=from:subject:date:to:content-type; bh=tL+/wJmQOT1qfRAmSggBixqXyEIqt839Zb4SbOAPNOM=; b=…lggV4PzuGc/TkDUNdlU=;

      Message-Id:   <0D66EC23-70A1-D480-7514-D280D76FF040@apple.com>

      Mime-Version:   1.0 (Apple Message framework v936)

      Content-Type:   multipart/mixed; boundary="-4277442969-183115831-7904244676=:70228 ”

     

    You can find more info at:

     

    b/r’s, ab/simsboynton