Dangerous Phishing/SPAM

I've received a few emails recently which when viewed upon my iPhone, appear to be legitimately coming from an Apple source. However when viewing upon my PC via Outlook - or when I looked more closely into the email headers, they are clearly not.


This is very troubling, and appears to be an ongoing issue. What can be done to assist here ?

Posted on Jan 24, 2017 12:50 PM

17 replies

Jan 24, 2017 3:46 PM in response to svaardt

One thought to add to this... wasn't it apt that there has been a lot of discussion recently over whether the US Presidential election was lost due to a simple Phishing scam ?


Regardless as to which side of the fence you're on... it makes sense to put more emphasis upon security and, to automate that where possible.


Which brings me back to my original issue - as to selecting the headers on the mail messages... assuming you would do that, there is limited information... the attached, is simply an example - though it's blatantly obvious as a phishing case - which ... brings me back to my original issue (again!).


An illustration below, when clicked upon the From: AppleID link, the following is shown.



User uploaded file


Clearly, this is fake, but how many click upon "From" links to check authenticity ? This is a great example of where an automated check could be made, to at least categorise an email as being suspect....



I think, there is a serious gap between what can be done, and what is being done, especially upon devices that we all take for granted and use without "concerned-thought".


This basic lapse of security within Apple's iPhone Mail Application simply makes it easier for Phishers/Scammers to yield returns.


Why isn't it being addressed ?

Jan 24, 2017 12:58 PM in response to svaardt

Obey one simple rule - never, under any circumstances follow any URL or enter any information from anything in any email, text or popup message. Never.


If the message refers to an account you actually own, you know how to independently login to that account via the appropriate app or web browser website. You can always, and always should, independently access and verify your account and information as you normally would access to. Never via anything in any message.


If a message says your AppleID is locked and you need to verify it, ignore the message completely. Open a web browser and migrate to Apple's secure https AppleID login portal and verify your account for yourself. You could also enable 2-step verification so nobody can login there to your AppleID without receiving a verification code on your trusted device(s).


Two-step verification for Apple ID - Apple Support

Two-factor authentication for Apple ID - Apple Support


You cannot fall victim to a phishing scam if you follow that simple rule.

Jan 24, 2017 1:01 PM in response to svaardt

These attacks continue and will do so forevermore since they exploit the weakest element in the chain: the human element. And unfortunately they are virtually impossible to stop without great expenditures in stuff such as Artificial Intelligence. And whenever you come up with a remedy, the miscreants devise another way to their nefarious means.

Jan 24, 2017 1:11 PM in response to Courcoul

I strongly disagree with you.


A lot of these attacks can be recognized by looking at the mail headers.


The default mail program as delivered upon your iPhone does not allow you to do this easily. This is an ongoing situation, so I wonder how Apple can stand by and do nothing, whilst other Tech. Companies try their best to assist.


Phishing, and other illegal means of taking money from people, can be used to support Terrorism.

Jan 24, 2017 1:21 PM in response to svaardt

Hello,


Please report the email to Apple.


Reporting Suspected Phishing Attempts

If you receive what you believe to be a phishing email purporting to be from Apple, please send it to reportphishing@apple.com, a monitored email inbox, which does not generate individual email replies.

Forwarding the message with complete header information provides Apple with important information. To do this in OS X Mail, select the message and choose Forward As Attachment from the Message menu. For other email applications or webmail based services, consult your provider’s support information to determine how to forward messages with complete headers.

From here:

Phishing & Other Suspicious Emails


Also take a look at this article:

Identifying legitimate emails from the iTunes Store - Apple Support

Jan 24, 2017 1:28 PM in response to svaardt

There you go, Gus beat me to the punch. Phishing/SPAM is defeated at the server, not the end device. And the iCloud mail service is very good at that. So is Microsoft's Office365 product, a domain of which I manage. So if you're being preyed by the spammers or the phishermen, go pester your mail provider, it is not the phone's fault.

Jan 24, 2017 1:49 PM in response to Courcoul

The Service provider is the first line of defense.... the iCloud service you manage, does a good job, though sadly ... in the case of the issue I am reporting failed.


Reporting SPAM to Apple, etc... seems a waste of time, nothing seemingly gets done - so what's the point.


What I am saying, is that if, given the information to determine an email is unreliable - through looking at the mail headers for example, why can't the basic iPhone App do the same... or even the Cloud based Mail Service. Why is it, that so many people fall foul of such a basic scam ? It's not rocket science, yet the mail readers obscure - such as that on the iPhone, obscure this fact.

Jan 24, 2017 1:54 PM in response to svaardt

svaardt wrote:


Why is it, that so many people fall foul of such a basic scam ?

For the same reason that a stupid email that states "send this to 100 people and we'll send you a $1000" still makes the rounds and people fall for it. For the same reason that an uninvited phone call telling you "that your computer is causing a problem on the internet" manages to fool people.

Jan 24, 2017 2:04 PM in response to stedman1

This is not a request based on iOS vs Android, it's simply a matter of the mail reader as delivered upon the iPhone.

Plain and simple. I am sure, Android, or other platforms have their own issues. However my request is focused upon the iPhone...


It appears (by default) to have no way to assist the reader, to determine whether an email is legitimate or not.


Furthermore, my other point, is that these Scam/Phishing attempts, can be a front for funding for Terrorist organisations... so why are they not being taken more seriously ?


If you're "Trolling" this request, then... perhaps, have a think about those who've lost their loved ones to Terrorists - both locally and abroad. Where do you stand ?

Jan 24, 2017 2:10 PM in response to svaardt

What type of security measure are you suggesting that they have? You can click on the name it is from and see who sent the email. Beyond that how are they supposed to assist the reader? If people report these emails using available means then at the server level various companies (and government agencies) can attempt to stop them.


If you want another example look at all the fake news that is out on the internet. How do we stop it?


While some spam money may go to terrorist organizations (most still stick with the more traditional drug sales, hacking, etc) by far the vast majority goes into the pockets of the people who set up these sites and send these emails.

Jan 24, 2017 2:25 PM in response to svaardt

I agree with you, email header inspection for most, may be uninteresting. However...


(1) eMail headers can be looked at by the mail program, and using very simple matching domain sources, used to flag suspicious emails from non-suspicious emails. Also, if you are interested, you can view the original purported source of the email - though more than likely, it's a VPN or broken Mail Server... Mail headers are a useful feature for those who wish to view them. However in the main, most ignore them.


(2) Likewise, mail content - which is invariably monitored, can be parsed for suspicious links. Microsoft has done a great job over recent years in filtering suspicious emails, though still some slip through their net.


(3) Attachments - generally don't apply to the iPhone (hence I am not considering here in my request)


Handling 1 & 2, together would cut down a lot of the issues affecting unsuspecting people. Or even, an amendment to #2 which checked the link being clicked upon, with the text in the email, and alerted the user... (no brainer... )


So, why isn't it being done ?


The monies obtained from these activities go to where ?
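The two checks proposed in points (1) and (2) of the post above, written out as an added example that is not part of the original thread or any Apple code: it flags a display name that claims a brand the From domain does not belong to, and a link whose visible text shows a different host than its target. The sample message, the `BRANDS` table and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re
# Constructed sample; the .example domains are placeholders, not real indicators.
SAMPLE = '''From: "Apple ID" <support@billing-notice.example>
Subject: Your account is locked
Content-Type: text/html; charset="utf-8"

<p>Verify at <a href="http://login.verify-id.example/a">https://appleid.apple.com</a></p>
'''
# Assumed allow-list: brand word in the display name -> domains allowed to send as it.
BRANDS = {"apple": ("apple.com", "icloud.com")}
def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

class Links(HTMLParser):  # collects (href, visible text) for every <a href=...>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def check_message(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    for brand, domains in BRANDS.items():       # check 1: display name vs From domain
        if brand in name.lower() and not in_domains(sender, domains):
            findings.append(f"display name claims {brand}, From domain is {sender}")
    parser = Links()
    for part in msg.walk():                      # check 2: link text vs real target
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.found:
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        target = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1) != target:
            findings.append(f"link text shows {shown.group(1)}, target is {target}")
    return findings
```

A From address can itself be forged, so an empty result here does not authenticate the sender; that is what the receiving server's SPF, DKIM and DMARC results are for.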

Jan 24, 2017 2:33 PM in response to svaardt

It is being done. You can look at the full email address as I pointed out above (it puts it in a form to add it as a contact). Past that the people you are purporting to help wouldn't know what to do with a detailed header and as you already said it doesn't help much anyway. Those who are familiar with them will look at them on their computer. Problem solved.


As for number two if you are using an iCloud email account then it is parsed to look for junk/spam, etc. at the server level, just like Microsoft does, Yahoo does, Google does, etc. All at the server level. Microsoft does not do this at the smartphone.


The money from these endeavors goes into the pockets of people who are operating the business. It buys them yachts, and Bentleys, and huge houses, etc. Just like the roofing scammers, driveway repair scammers, phone call support scammers, charity scammers, religious scammers, etc. And these have been around for a long, long, long time, far before computers and the internet. And people still fall for the old fashioned ones.


Garage door replacement scams are popular right now in my area.

Jan 24, 2017 2:35 PM in response to svaardt

I agree you can click the "From" email address and see the purported sender... though no other details - though those would only be of interest to more Tech Savvy folk.


My question/request is why can't the iPhone mail application be a little bit more "smarter" and flag potential phishing attempts by looking at this basic information - and at least Colour coding the emails... ?


Terrorists, just like other con-artists, need to be considered the same when it comes to sourcing funds from little Granny living down the Street. So with all the fantastic achievements being made in the Tech World - why can't a basic one as simple as a check on the source of an email be made ?


Hence, my thought if Apple can't/won't do it - why not simply not include the mail program at all, and let someone else provide it.

Jan 24, 2017 2:47 PM in response to svaardt

Are you not able to reply to individuals in this thread?

Because not even computers actually do that and smartphones are near as powerful as your laptop. That is a horrible misguided approach to computer security. On my computer mail client I can train it for junk mail and it does sometimes say it thinks something is junk, or it just automatically puts it in my junk file. But this is for benign junk mail.


For true phishing schemes they need to be approached at a much higher, powerful, central level. And all email companies do this. Maybe someday in the future smartphones will be more powerful than a bank of supercomputers but that isn't true today. Other mail clients that are available on smartphones also do not address criminal spam/phishing so there is no one else who provides it. You are asking for something that isn't a good approach to the problem. Just to put a database of ALL past phishing email addresses on an iPhone would require far more than the total storage on the iPhone.


The spam emails I have been getting lately are for secret shopper programs where I get to make $300 by just going shopping. So far all of the emails have been from .edu accounts. So I suppose I could block all .edu accounts but I actually have some I do get emails from that are legitimate. And they are spoofed email accounts anyway for the most part which again causes an issue for handling this at the end point.


Do you really think that tech firms haven't been trying to do this? Have you been living under a rock somewhere? And if you think this is simple then you have no technical skills and don't understand anything about what is going on.


We haven't even been able to stop scamming roofers who appear in person.

Jan 24, 2017 6:11 PM in response to deggie

Deggie: "Reply" is reply, I see no reply to individual - is there any embarrassment over what I have to say ?


As to the Tech side, if you really wish to know, YES, I could do better, as too, could many other similar IT developers - though I suspect it's not a "priority" (yet...) to fund that within Apple since I am referring to the default mail application upon the iPhone - not some 3rd party application. If Apple wishes me to provide them with a better version... then, I/we are here. Though to be fair, there are also many who are way better than me, hence why I would suggest Apple holds a contest to coincide with their yearly iphone replacement, for their basic/default Apps as delivered upon their phones - in order to refresh the latest trends in Security, etc.


Remember, the original concern that I raised that the most basic of phishing scams is not being addressed.


And, yes, I know phishing, etc, can be used for garage door scams (probably only in the US), however it can be also used for funding Terrorism... so what is being done about that ? Personally, apart from Terrorism, I really hate reading news stories about old folks who've lost their whole retirements due to Phishing / Banking Scams - the perpetrators of which should also be considered as Terrorists, by virtue of the definition which fits suitably.

***
<Edited by Host>
