5 Replies Latest reply: Jul 26, 2013 3:37 PM by Klaus1
LindseyHatfield Level 1 Level 1 (0 points)

I have been getting email messages from Apple Itunes like;

Dear Mr .....

 

To reset your Apple ID password click the link below . . . .

an at the bottom is a link.

 

I am getting these at times when my devices are not in use, so I assume some attempt at hacking.

 

The link given is to https://iforgot.apple.com/iForgot/..........

Any idea if this is legit, or am I being hacked ?

any other ideas ?


iPad 2 Wi-Fi, iOS 6.1.3
  • 1. Re: Email about wanting to reset my password, not requested by ME
    babowa Level 7 Level 7 (23,310 points)

    You're not being hacked; however, it appears to be an attempt to make you click on a link and then furnish your information for the crooks to use/sell. Do not click on links in such emails, they're just about all scams.

  • 2. Re: Email about wanting to reset my password, not requested by ME
    ~Bee Level 7 Level 7 (30,775 points)

    Lindsey --

     

    You'll never get an email from Apple to reset your Apple ID.

    It is a scam, IMHO.

  • 3. Re: Email about wanting to reset my password, not requested by ME
    J.K. ROFLing Level 4 Level 4 (1,220 points)

    One other option is that someone made a mistake when trying to get into their account, but were actually in yours. Probably a typo, for example bob jones vrs bobjones (no space). When they couldn't log in, the clicked to allow a PW reset, so iTunes sent the notice to the email on record, yours.

     

    I had a friend who had a pretty simple account name and this happened to her quite frequently. Although no one was able to get into her account, it was a royal pain. I would suggest that you make sure you have a secure password on your account to prevent someone from guessing it, to be on the safe side. The reset link provided in the email you got is accurate, but I would manually enter it and not click on the link. One of the tricks of the scam babowa mentions is to use a valid URL but the actual link goes somewhere else.

  • 4. Re: Email about wanting to reset my password, not requested by ME
    Kurt Lang Level 7 Level 7 (31,995 points)

    A quick check to see where the link in that email really goes is to right click on the link and choose "Copy Link". Then open TextEdit and paste it in (Command+V). If it matches, then the link is real; or at least, it goes to the address you see. Otherwise, the real, non matching destination will be pasted in.

     

    Such faked address links are just an HTML anchor tag. You can give any text you want an address.

     

    You can do the same thing in these forums. Here, I'll use the text lead Apple Support page. And it goes pretty much where you'd expect. Now I'll use the text http://www.apple.com/support/ to go nowhere you'd expect. What looks like a web address is now just text, assigned to go somewhere else.

  • 5. Re: Email about wanting to reset my password, not requested by ME
    Klaus1 Level 8 Level 8 (44,495 points)

    Like past scams looking to grab passwords from unsuspecting Apple customers, the most recent volley of phishing emails, first noticed by ZDNet, take on the guise of relatively official looking correspondence.

     

    Taking advantage of Apple's ongoing developer center downtime, the phishing emails ask users to reconfirm their accounts to avoid "fraudsters" from stealing sensitive information.

     

    The latest attempts are less convincing than previous phishing schemes, with poor grammar and punctuation, the most glaring mistake being the missing capital letter "A" in "Apple." As with most nefarious emails attempting to secure sensitive user data, these Apple-related mailings direct users to a supposed password reset page.