You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

I wanted to know if this website is real

I have an urgent question I received this email (will send it down here) and then I went to one of the links and it opened a website for me that starts at c.apple.*** so I wanted to know if this is real or are they trying to hack into my user?


[Edited by Moderator]

Posted on Jun 27, 2021 10:56 AM

Reply
Question marked as Top-ranking reply

Posted on Jun 27, 2021 3:14 PM

babowa wrote:

Do you think that email address (the only thing I could make out in the upper right corner) is a legit email address? I was not sure especially since it could be but be re-directed to a scam site.

That is definitely a legitimate e-mail address. That doesn't mean much. Why would a scammer provide their own e-mail address?They want people to click, not reply. Of course, there is no way without looking at the internal headers of the message to say for sure that it originated from Apple.

Reggie wrote:

From a domain that is c.apple.com? And I haven't had a marketing email from Apple to a link to the App Store in like...ever.

The domain is "apple.com" and Apple definitely owns that. Anything that appears to the left of ".apple.com" is whatever the brilliant minds at Apple can think of that day and get someone in corporate DNS management to approve.


But again, this is a screen shot, so all bets are off. I don't even think it is a screenshot from Apple Mail. It might be Gmail or something. It is possible to fake out a domain such that it appears to look like "c.apple.com" but redirect to something else. It is also possible to do other clever tricks around that.


But the truth is, none of that matters in the least. I can guarantee that Apple regularly sends out e-mail messages like this. It's not just Apple either - all companies do it. The more often a company lectures you about how to spot a phishing attack, the more often it sends out legitimate e-mails to its own customers that tick every box in guide about how to spot a phishing attack. Why else would scammers do it? They know that people can't tell the difference. And it isn't because people are stupid. It is because companies do this millions of times a day, 24x7. Dollar for dollar, they make more money from it than the phishing scammers do.


There are a few things about this particular message, and some that I've received, that make them a little bit more suspect. For one thing, this e-mail was (originally) in Hebrew. It looks like they sent an English-language version too, but this is still an off-brand market for Apple. Those don't get the same level of attention from Apple. If you are in the US and only get consumer mailings, then Apple makes sure those are perfect. But anything outside the US, or outside mainstream consumer markets, you just have to go with your instinct. Based on your past interactions with this particular off-brand team at Apple, is this the kind of e-mail that Apple would send? Last year at this time, didn't Apple send out an e-mail to lots of people asking them to test "Bug Sur"? Freudian slip or just normal non-consumer e-mail quality?

18 replies
Question marked as Top-ranking reply

Jun 27, 2021 3:14 PM in response to babowa

babowa wrote:

Do you think that email address (the only thing I could make out in the upper right corner) is a legit email address? I was not sure especially since it could be but be re-directed to a scam site.

That is definitely a legitimate e-mail address. That doesn't mean much. Why would a scammer provide their own e-mail address?They want people to click, not reply. Of course, there is no way without looking at the internal headers of the message to say for sure that it originated from Apple.

Reggie wrote:

From a domain that is c.apple.com? And I haven't had a marketing email from Apple to a link to the App Store in like...ever.

The domain is "apple.com" and Apple definitely owns that. Anything that appears to the left of ".apple.com" is whatever the brilliant minds at Apple can think of that day and get someone in corporate DNS management to approve.


But again, this is a screen shot, so all bets are off. I don't even think it is a screenshot from Apple Mail. It might be Gmail or something. It is possible to fake out a domain such that it appears to look like "c.apple.com" but redirect to something else. It is also possible to do other clever tricks around that.


But the truth is, none of that matters in the least. I can guarantee that Apple regularly sends out e-mail messages like this. It's not just Apple either - all companies do it. The more often a company lectures you about how to spot a phishing attack, the more often it sends out legitimate e-mails to its own customers that tick every box in guide about how to spot a phishing attack. Why else would scammers do it? They know that people can't tell the difference. And it isn't because people are stupid. It is because companies do this millions of times a day, 24x7. Dollar for dollar, they make more money from it than the phishing scammers do.


There are a few things about this particular message, and some that I've received, that make them a little bit more suspect. For one thing, this e-mail was (originally) in Hebrew. It looks like they sent an English-language version too, but this is still an off-brand market for Apple. Those don't get the same level of attention from Apple. If you are in the US and only get consumer mailings, then Apple makes sure those are perfect. But anything outside the US, or outside mainstream consumer markets, you just have to go with your instinct. Based on your past interactions with this particular off-brand team at Apple, is this the kind of e-mail that Apple would send? Last year at this time, didn't Apple send out an e-mail to lots of people asking them to test "Bug Sur"? Freudian slip or just normal non-consumer e-mail quality?

Jun 27, 2021 1:55 PM in response to dinok5489

Read the following two links, as background for the sorts of scams and spam that’s around >


Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


Identify legitimate emails from the App Store or iTunes Store - Apple Support


Those two links will give you a foundation of many types of scams that are endemic, and how to recognize some of those scams.


That written… This mail message looks like some Apple advertising


The c.apple.com domain is an Apple domain. Whether it’s spoofed or not, I can’t tell from what’s been posted here.


This mail message does look like the usual sort of Apple App Store advertising mailed out from Apple when the user doesn’t have their Apple advertising messages settings disabled. Disable and uncheck your Apple advertising preferences, and it’ll go away.


Two more links, for controlling your advertising preferences >


Manage emails about Apple and Apple services - Apple Support


Control personalized ads on the App Store, Apple News, and Stocks - Apple Support

Jun 27, 2021 11:06 AM in response to dinok5489

If you post a live link to a questionable website or email address, it will be removed by the moderators to keep people safe.


Did the email tell you that you had 8000 viruses on your device or wanted any private information? Never click on any link unless you know where it is going or what it is. As long as you did not give them any private info, you are fine. And, Apple will never send you such an email.

Jun 27, 2021 11:16 AM in response to dinok5489

As I said: Apple does not send emails unless you have a repair going on. So it was NOT an Apple link.


And it's not a hack; it's probably a crook trying to scam you to give them information so they can steal from you.


Edit: But we are in the US and I do not understand the language in the screenshot you just now added. However, it could be an ad from Apple. Did you subscribe to advertisements?

Jun 27, 2021 11:25 AM in response to dinok5489

As I said, I cannot read anything on that screenshot. And, just because there is a link ending with apple.com on the upper right, does not mean it will go to Apple. Scammers use software to re-direct you - you may think you are on an Apple website, but you are not.


Since I can't read anything, I would say it is from a scammer.


If you want, yes, change passwords just to be sure.

Jun 27, 2021 11:44 AM in response to dinok5489

That is almost certainly a legitimate e-mail from Apple. Unfortunately, it is extremely common for companies, even "security focused" ones like Apple to send out unsolicited e-mails that are identical to phishing e-mails - ticking off every single last "red flag" phishing indicator - but are completely legitimate. It would be easier to tell if this wasn't a partial screen shot and wasn't in Hebrew, but it is probably just a marketing e-mail from Apple.

Jun 27, 2021 5:11 PM in response to deggie

deggie wrote:

It isn't, "Reggie", so I guess you are even with Apple on the typos. Your bitterness if fairly obvious.

Sorry about the typo. I was trying to avoid two separate replies and manually added that part. I distinctly remember typing "deggie wrote:". The fingers sometimes have a mind of their own.


I don't know why you would attribute any of that to bitterness. Frustration, definitely. Apple is better than most companies in this respect. But the truth is that phishing is never going away. Legitimate companies will continue to send out e-mails saying "click here to update your account". And people will continue a futile effort to teach others how to differentiate the two.

I wanted to know if this website is real

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.