Steve Zodiac
Level 1 (21 points)
Mac OS X

Q: email received from applied@id.apple.com Will it be a phishing one?

Hi all,

 

My sister has received two emails today, both purporting to be from Apple. The originating address would appear to be applied@id.apple.com, and I've read on other threads in this community that this is not a genuine Apple email address.

 

However, unlike most scams and phishing messages, these salute her using her real first name, rather than a generic 'Dear Customer'.

 

They also refer to a verification code that has been sent to her iPhone by an AppleCare Advisor, and ask her to provide the said code displayed on her device. And the thing is that there IS a verification code on her iPhone when she wakes it up, which asks her to tap 'OK'.

 

The message also says 'If you did not contact AppleCare recently and believe someone else may be trying to access your account, please reset your password and security questions right away.'


I've told her to do nothing until she hears further from me. (Because she doesn't know how to reset her password etc.)

 

Are these messages likely to be phishing, or scams, or could they really be genuine?

iPhone 6, iOS 8.1.3

Posted on Mar 4, 2015 7:04 AM

Close
Steve Zodiac

Q: email received from applied@id.apple.com Will it be a phishing one?

  • All replies
  • Helpful answers

  • by Allan Eckert,

    Allan Eckert Allan Eckert Mar 4, 2015 7:06 AM in response to Steve Zodiac
    Level 9 (54,112 points)
    Desktops
    Mar 4, 2015 7:06 AM in response to Steve Zodiac

    Yes. Delete it and move on with life.

  • by Aloixa Sinclaire,

    Aloixa Sinclaire Aloixa Sinclaire Mar 8, 2015 11:24 AM in response to Steve Zodiac
    Level 1 (0 points)
    Mar 8, 2015 11:24 AM in response to Steve Zodiac

    I had this same inquiry - and might I say, the help provided by the feedback from Allan Eckert is "top-notch"....sigh. Thanks for your genuine concern about your fellow Apple users - great community guys :/

  • by TJBUSMC1973,

    TJBUSMC1973 TJBUSMC1973 Mar 8, 2015 11:28 AM in response to Allan Eckert
    Level 5 (7,636 points)
    Mar 8, 2015 11:28 AM in response to Allan Eckert

    Actually, if it is from 'appleid@id.apple.com', then that's a legitimate email.

    I just tested this by requesting a password reset on the Apple ID website.  The 'from' email is 'appleid@id.apple.com'.

  • by TJBUSMC1973,

    TJBUSMC1973 TJBUSMC1973 Mar 8, 2015 11:29 AM in response to Aloixa Sinclaire
    Level 5 (7,636 points)
    Mar 8, 2015 11:29 AM in response to Aloixa Sinclaire

    What exactly about Allan's response (other than it's possible inaccuracy) are you having a problem with?

  • by Aloixa Sinclaire,

    Aloixa Sinclaire Aloixa Sinclaire Mar 8, 2015 11:45 AM in response to TJBUSMC1973
    Level 1 (0 points)
    Mar 8, 2015 11:45 AM in response to TJBUSMC1973

    it's fairly flippant and dismissive of a genuine concern posted by a user...perhaps I'm "reading too much into it" - but telling an unknown user to "get on with life" doesn't help that user address the issue at hand.

  • by TJBUSMC1973,

    TJBUSMC1973 TJBUSMC1973 Mar 8, 2015 11:55 AM in response to Aloixa Sinclaire
    Level 5 (7,636 points)
    Mar 8, 2015 11:55 AM in response to Aloixa Sinclaire

    Aloixa Sinclaire wrote:

     

    it's fairly flippant and dismissive of a genuine concern posted by a user...perhaps I'm "reading too much into it" - but telling an unknown user to "get on with life" doesn't help that user address the issue at hand.

     

    If it was an actual phishing scam, then deleting it and ignoring it (i.e., moving on with life and more important matters) is a perfectly valid recommendation.

    I do think that perhaps Allan's information was not accurate, though, which is why I replied.  Well, after you bumped the thread, of course.

     

    Here's what has happened; you have inferred a 'tone of voice' that was neither provided nor implied in Allan's post.  I 'heard it' as a friendly, gentle encouragement, synonymous with: "Nothing to worry about, my friend.  You can safely delete it, ignore it, and continue on with more important things in life.  Be well!"

    You obviously heard it with a negative tone.  And traditionally, when a specific 'tone' is not clear in a written passage, the reader imbues a tone of their own creation.  In other words, if you expect to hear a negative tone, you will usually hear it in a neutral comment.  If you expect to hear a positive tone, that's what you'll hear.

     

    Perhaps take a moment, clear your head, and read what he wrote again, and this time, try a positive mindset.  Does the 'tone' sound different now?

     

    The 1 liter glass has 500 milliliters of water in it. 
    Is that glass half-full or half-empty?

  • by Steve Zodiac,

    Steve Zodiac Steve Zodiac Mar 8, 2015 2:37 PM in response to TJBUSMC1973
    Level 1 (21 points)
    Mac OS X
    Mar 8, 2015 2:37 PM in response to TJBUSMC1973

    Okay. OP here...

     

    Right, so the first reply was inaccurate, and the originating email address of the emails does not necessarily mean that my sister received a phishing email. (Just for info, I didn't take that reply to be anything other than what the words stated, and I followed the advice in it, deleted the messages and did nothing.)

     

    But, if it was a genuine email from Apple, does this mean that some third party pretending to be my sister will have been in contact with AppleCare, resulting the the AppleCare verification code being sent along with the emails she received?

     

    In that case I guess we ought to follow the advice in the emails and reset her password and security questions...

  • by Lawrence Finch,

    Lawrence Finch Lawrence Finch Mar 8, 2015 2:53 PM in response to TJBUSMC1973
    Level 8 (38,312 points)
    Mac OS X
    Mar 8, 2015 2:53 PM in response to TJBUSMC1973

    TJBUSMC1973 wrote:

     

     

    The 1 liter glass has 500 milliliters of water in it. 
    Is that glass half-full or half-empty?

    It's twice the size it needs to be (engineer's answer).

     

    Back to the original question. If you request a password reset you will get a message from appleid@id.apple.com. If someone else requests a password reset for your account then YOU will get a message from appleid@id.apple.com. Thus, if you had requested a password reset you should respond to the email. If you had NOT requested a password reset, then you should not respond. The message will come seconds after you initiate the request, so there's no way you can forget if you had requested a reset or not.

     

    There's a 3rd case; the email is actually a spoof or "phishing" email. In this case the link in the message will not be to an Apple.com URL, and the FROM address will not really be an Apple address either, it will just look like one. If you hover your mouse over the link your email program will display the actual URL of the link. If it isn't an Apple.com URL then it is a phishing email. Not only should you not respond, you should also forward it to reportphishing@apple.com so Apple can have the site taken down. see: http://www.apple.com/legal/more-resources/phishing/.

  • by Lawrence Finch,

    Lawrence Finch Lawrence Finch Mar 8, 2015 3:09 PM in response to Steve Zodiac
    Level 8 (38,312 points)
    Mac OS X
    Mar 8, 2015 3:09 PM in response to Steve Zodiac

    It's quite possible someone is trying to hack her account. Then you would get a legitimate email from Apple with a reset link. In that case DO NOT CLICK THE LINK, WHATEVER YOU DO.

     

    As there is someone trying to hack her account this would be a good time to add 2 factor authentication to the account for added protection: Frequently asked questions about two-step verification for Apple ID - Apple Support

     

    Note that there IS a downside to two-step verification - once you have set it up Apple will not help you if you forget your password; you assume complete responsibility for managing your account.