An email purporting to be from Apple about a locked ID had a link ***
Has anyone any knowledge of this?
It seems to have wiped my login on that particular machine - a 12inch MacBook.
<Link edited by Host as following the procedures at the site may lead to damage to the user’s device>
MacBook Pro with Retina display, macOS High Sierra (10.13.3), MacBook Retina 12-inch Early 2016
Apple will always address you by your name or the name they have on file for you and the e-mail will be from @apple.com.
Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams
Identifying legitimate emails from the iTunes Store
Send the e-mail to Apple as an attachment to a new e-mail before deleting it.
Can you log into your computer? If not, what happens when you try? More information would help.
Apple will always address you by your name or the name they have on file for you and the e-mail will be from @apple.com.
Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams
Identifying legitimate emails from the iTunes Store
Send the e-mail to Apple as an attachment to a new e-mail before deleting it.
Can you log into your computer? If not, what happens when you try? More information would help.
Hi again Eric
Result of Etrecheck ...
EtreCheck version: 3.4.6 (460)
Report generated 2018-02-10 18:11:19
Download EtreCheck from https://etrecheck.com
Runtime: 2:39
Performance: Excellent
Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Problem: Other problem
Description:
Possible scam pop-ups
Hardware Information: ⓘ
MacBook (Retina, 12-inch, Early 2016)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook - model: MacBook9,1
1 1.2 GHz Intel Core m5 (m5-6Y54) CPU: 2-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB LPDDR3 1867 MHz ok
BANK 1/DIMM0
4 GB LPDDR3 1867 MHz ok
Handoff/Airdrop2: supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 38
Video Information: ⓘ
Intel HD Graphics 515 - VRAM: 1536 MB
Color LCD 2560 x 1600
Disk Information: ⓘ
APPLE SSD AP0512J disk0: (500.28 GB) (Solid State - TRIM: Yes)
(disk0s1) <not mounted> [EFI]: 315 MB
(disk0s2) <not mounted> [APFS Container]: 499.96 GB
USB Information: ⓘ
USB30Bus
Virtual disks: ⓘ
Macintosh HD (disk1s1 - APFS) / [Startup]: 499.96 GB (398.14 GB free)
Encrypted: Yes (Unlocked)
Physical disk: disk0s2 499.96 GB (398.14 GB free)
(disk1s2) <not mounted> [Preboot]: 499.96 GB
Physical disk: disk0s2 499.96 GB
(disk1s3) <not mounted> [Recovery]: 499.96 GB
Physical disk: disk0s2 499.96 GB
(disk1s4) /private/var/vm [VM]: 499.96 GB
Physical disk: disk0s2 499.96 GB
System Software: ⓘ
macOS High Sierra 10.13.3 (17D47) - Time since boot: about one hour
Gatekeeper: ⓘ
Mac App Store and identified developers
System Launch Agents: ⓘ
[not loaded] 8 Apple tasks
[loaded] 172 Apple tasks
[running] 110 Apple tasks
System Launch Daemons: ⓘ
[not loaded] 37 Apple tasks
[loaded] 189 Apple tasks
[running] 105 Apple tasks
Launch Agents: ⓘ
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-09-28) [Lookup]
[loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-01-26) [Lookup]
Launch Daemons: ⓘ
[loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2017-12-14) [Lookup]
[loaded] com.google.keystone.daemon.plist (Google, Inc. - installed 2017-10-13) [Lookup]
[loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-01-26) [Lookup]
[loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2016-06-11) [Lookup]
User Launch Agents: ⓘ
[running] com.spotify.webhelper.plist (Spotify - installed 2018-01-08) [Lookup]
Internet Plug-ins: ⓘ
Silverlight: 5.1.50901.0 (installed 2016-11-15) [Lookup]
FlashPlayer-10.6: 28.0.0.137 (installed 2018-01-09) [Lookup]
Flash Player: 28.0.0.137 (installed 2018-01-09) Outdated! Update
QuickTime Plugin: 7.7.3 (installed 2018-01-26)
3rd Party Preference Panes: ⓘ
Flash Player (installed 2017-12-14) [Lookup]
Time Machine: ⓘ
Time Machine not configured!
Top Processes by CPU: ⓘ
49% mdworker
48% mdworker
47% mdworker
7% WindowServer
2% trustd
Top Processes by Memory: ⓘ
740 MB kernel_task
189 MB iTunes
139 MB com.apple.WebKit.WebContent
131 MB Mail
113 MB Sonos
Top Processes by Network Use: ⓘ
Input Output Process name
263 KB 84 KB mDNSResponder
165 KB 6 KB Sonos
53 KB 57 KB apsd
9 KB 3 KB netbiosd
0 B 152 B SystemUIServer
Top Processes by Energy Use: ⓘ
9.00 WindowServer
0.14 thermald
0.04 cloudd
0.02 com.apple.WebKit.Networking
Virtual Memory Information: ⓘ
4.13 GB Available RAM
1.55 GB Free RAM
3.87 GB Used RAM
2.58 GB Cached files
0 B Swap Used
Software installs (last 30 days): ⓘ
Microsoft AutoUpdate: (installed 2018-01-26)
Microsoft PowerPoint for Mac: (installed 2018-01-26)
Microsoft OneNote for Mac: (installed 2018-01-26)
Microsoft Word for Mac: (installed 2018-01-26)
Microsoft Excel for Mac: (installed 2018-01-26)
Microsoft Outlook for Mac: (installed 2018-01-26)
Microsoft Word for Mac: (installed 2018-01-27)
Microsoft PowerPoint for Mac: (installed 2018-01-27)
Google Earth: (installed 2018-02-10)
Install information may not be complete.
Have you tried signing out of iTunes and then back in? Do you see anything in your subscriptions?
Purchases - View, change, or cancel your subscriptions
Thanks Eric
Unfortunately - and I understand why - the link was redacted and replaced with *** in the posting I made.
I received a very believable email from "Apple" - logo, fonts and the other usual stuff.
I immediately reported it to the reportphishing address - but heard nothing ...
Since then, the normal login to my baby 12-inch MacBook fails.
The same login that I use on my iMac 27-inch, MacBook Pro etc all still work OK.
I can find almost no reference anywhere to the link that I stupidly pressed (while watching the TV!!), which is possibly more worrying!
When I try to log in to this MacBook, there is a message "Unlock with Apple Watch requires your password when Mac restarts", and then after entering the normal login password, I get the "shaky" password field indicating an incorrect password.
Could it have anything to do with my Apple Watch? But it seems to be just since this false email purporting to be from Apple ...
Managed to change login and get back - but I keep getting a pop-up from iTunes telling me "Your iCloud Music Library session has expired" and wants me to reconnect with Apple ID and password.
Is this pop-up also a scam?
You are welcome. The pop-up could be a scam.
Try running this program in your normal user account, then copy and paste the output in a reply. The program was created by etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy Report” and then paste into a reply. This will show what is running on your computer. No personal information is shown.
Hi again Eric - sorry for delay in replying …
I don’t use Apple Music, and I don’t think I synch music through iCloud, but there are so many settings and checkboxes that a dimwit may be doing it and not realise!
I did use Apple Music Match system until around October/November last year when I cancelled it - not sure if this is anything to do with the pop-up ...
This is the only machine that has this pop-up appearing - the iMac and MacBook Pro seem all OK.
The login seems to be working - but not as fast or smoothly as before this false Apple email.
The various ISP connections seem more problematic as well ...
Pop-up that appears - and on going into iTunes store:
"Your iTunes Music Library Session has expired”
Then my Apple ID is shown with a request for Apple ID password “to reconnect”.
I am not sure whether this is legit or not ...
I forwarded the email to the reportphishing@apple.com <mailto:reportphishing@apple.com> site - the link pointed to a site "g o o . c l” - this is with spaces inserted so that it cannot cause anybody else any problems. This is followed by a further series of characters.
Hi Eric - again apologies for delay in replying ...
The only item in subscriptions is the Apple Music Match which I did not renew in November as I am a Spotify man ...
It is shown in subscriptions, but only with the option to renew - I can't see any way of getting rid of this.
Could this be the cause of the pop-up?
I don't see anything suspicious in the report. Are you syncing music using iCloud? Can you access the iTune Store normally?
I'm not sure and rather than guess, I'll let someone else respond so you get a good answer.
Link *** in a phishing mail from "Apple"
