Apple gift card scam emails

Mike-RM,

Spotted one of these last week in our issues in-tray. Indeed, the grammar is improving.

For the attention of the Apple Community, cyber security researchers, Google searches, etc, here is a summary of the scammer's message trail:

The initial email came from an apparently legitimate [ISP based] email address and read:

I hope all is well with you? I can't call for now. Please could you respond if you receive this.

Actually, I need a favour from you!

The scammer uses a different gmail account (why is that not a surprise) and tells us this:

Sorry to bother you. I'm unable to speak over the phone due to throat pain caused by laryngitis.

Finally the scammer emails with:

I really need to get an (Apple gift card) for a friend's daughter who is a cancer patient. I promised her as a birthday gift but I cannot do this right now because of the throat pain caused by laryngitis. I tried purchasing it online but unfortunately all efforts were to no avail. Wondering if you could get it from any shop around you ? I'll pay back

Nice try.

So if you're reading this and you have just received a similar unsolicited communication, AND you think it is suspicious BUT, you feel obliged to answer because it's from a legitimate family, work or friend's email, what do you do? A trick is to make a reply with a question. For example, "great to hear from you again! Is Doggo still at the vet?" Only a legitimate sender can send a legitimate response. Such as, "you know it died." If you can, text or call the real human as it will be news to them that their email address is now compromised.

Finally, report the phishing email to your appropriate national cyber security authority. All you will need to do is just forward the offending email message or messages to them.

Have a nice day.

To check your login sessions you need to log in into your mail account for example, go to the settings and look for security/last activity tab or something like that. If you have gmail account you need to go to the google account settings and then go to the security tab to find this option.

Here you could find how to save e-mails as files in native Mail app in MacOS.

Perhaps you have been aware of high odds that victimization is better

than lottery winner chances, if you or anyone you actually know, do go

ahead and participate in these sort of Scams.. Fake inheritances, fake

sick relatives out-of-country; robbed &/or now broke, in hospital, etc.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

//support.apple.com/en-us/102568

"Use these tips to avoid scams and learn what to do if you

receive suspicious emails, phone calls, or other messages."

(Read entire related article ~ there always is more. Note 'how to report' these)

"If you're suspicious about an unexpected message, call, or request for

personal information or money, it's safer to presume it's a scam and

contact that company directly if you need to. If you're concerned about

a security issue with your Apple device, you can get help from Apple."

1. "To report an SMS text message, take a screenshot of the message and

send it via email. If you forward a message from Mail on your Mac, include

the header information by selecting the message and choosing Forward As

Attachment from the Message menu."

Family Emergency Scams | Consumer Advice

https://consumer.ftc.gov/all-scams/family-emergency-scams

How to Identify and Report Apple ID Phishing Email Scams

https://www.imore.com/how-identify-and-report-phishing

Get help with security issues - Apple Support

//support.apple.com/en-us/111756

Just got this very same email today supposedly from a friend in Ireland. Luckily I felt suspicious and said I didn’t purchase money products online and suggested she buy a physical Visa card that could be used at Apple. I was then asked to buy a physical apple gift card for £200. I did say that I thought she would have problems spending a card in AUD$ in Ireland, then said I’d get back to her in a few days when I got home.

Then I texted my friend to check. Have not yet had a reply. Also discovered the same email on two addresses.

in addition I told her about the death of someone she knew well while she lived here and the response was completely unlike her.

Looking forward to the next step.

Hello,

I'm very sorry to hear that. Do you provided any of your personal details (eg. credit card number, another e-mail address etc.) to the scammer or click any links or install and used any software the scammer sent you?

If yes, please contact your bank first, tell them whole story and block your credit card then contact local police station and report a scam. Next, follow the steps mentioned below (MFA activation and password reset etc.)

If no, you shouldn't be worry about this incident much. Report it at your local police station and just as precaution log in to your online accounts (e-mail first) and change passwords and enable 2FA (Two-Factor Authentication) or MFA (Multi Factor Authentication) where available. In the last step on all accounts find option log out from all devices and use it.

If you want to check that you were hacked, please check last login sessions, folders: sent, spam, trash. You should also check if any new rules where added to your e-mail client.