Q: Rescue email phishing scam from id.apple.com

Don't bet on it, Chrisell. I got it too. Here's what a phishing watchdog site says: http://www.ubergizmo.com/2011/12/new-phishing-scam-targets-apple-users/

In your case, I guess it could be a coincidence. But I'd say, don't believe it. I was able to sign in without the rescue email.

The rescue thing is not a phishing scam.

Same situation for me as Chrisell.  Another family member was asked for a rescue email address, and since they only have one, they gave mine and didn't mention it until I asked them just now. I hope Apple doesn't cross-link our accounts because of this.,

I got a similar e-mail and agree it looks deeply suspicious.

The normal apple ID domain is appleid.apple.com. I checked my account separately and there is nothing that needs verifying. Apple do seem to be updating security details - but then scammers know that too and may be jumping on the bandwaggon.

An e-mail linking to a web page that then asks for your account details - if it is real then Apple are being a bit dumb because this is exactly the sort of thing we have come to expect from phishing. I will not be responding to it.

Ali

If you log directly into your Apple ID support page, it mentions the rescue email in it. So that proves that the rescue thing is not a phishing scam.

It's not a phishing scam. iTunes has recently implemented a new security system with 3 security questions and a rescue email. If you haven't been yet, you will be asked to enter some information the next time you try to buy something from iTunes. One of these fields is the rescue email which is optional, but will let you recover your account if you need to.

"If you log directly into your Apple ID support page, it mentions the rescue email in it. So that proves that the rescue thing is not a phishing scam."

Actually it doesn't for me. I have not yet been asked for the security questions nor a rescue e-mail by my iPad and no one I know has used my e-mail address for their rescue set-up (or at least none are owning up to it) so I am still uncertain about whether this is the real thing.

I accept that Apple are sending out similar e-mails and perhaps this is a genuine example. But if so I still think Apple are being dumb - normally up such an e-mail link takes you to a page that immediately says "thanks for confirming..." but this one asks you to enter both your ID and password. That is just asking for cynics like me to refuse or for scammers to start sending out copycat e-mails.

Ali

If this is not a scam is there anywhere on the Apple site we can go to directly to do what's needed, without going through the links on the email? With no disrespect to Babaganoosh and Matthew97 this still looks like a scam.

The rescue e-mail is not mandatory, so if you can ignore it without losing access to you account.

If you go to appleid.apple.com then follow the link to "manage my account" you can add extra e-mail addresses. I am not sure whether these would count as "rescue" addresses though.

Ali

See for yourself:

https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

Once you sign in, the rescue option is right there.

I don't see it. Maybe it's because I'm not a US based user. Only one security question and no email option... If moving to three questions and a security email is something coming, why have they sent it to me when I can't implement it. I'm filing the original mail and not actioning. It's too weird. Request to Apple: Make it clear what needs to be done, with instructions on how to access the right places direct from the apple site, not from an email, and who it applies to, who not...

"See for yourself:

https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

Once you sign in, the rescue option is right there."

Yup, that is exactly what I did but there is no mention of a rescue option nor rescue e-mails for me. Just normal settings and "normal" e-mail addresses. Like francksn I am not US based and agree with the "Request to Apple..."

Ali

Amazingly this appears to be legit. If so this is the worst kind of security update I've seen from any vendor. Other posters are right, this is exactly what you'd expect from a phishing scam. I'm stunned this has come from Apple.