A really 'real' phishing email that redirects to appleid.com?

Hello,


I received an email from "Apple Billing" yesterday as follows:

User uploaded file


I have not made this purchase and I believe this email to be a phishing email because:

1. it starts with "Dear client" instead of my name

2. There's no 4TB iCloud storage plan available (at least not in Australia I think?), the max you can buy is 2 TB

3. the "Apple ID | Support | Privacy Policy" at the bottom turn out to be just plain words and have no external link when you click on them


However, when I clicked the "Click For Cancel or Downgrade" link in the email, it redirects me to the appleid.apple.com which really tricks me into believing that the content of the email is true!


I was wondering whether the redirection link could be manipulated so that, although it took me to appleid.apple.com, it actually got me signing in for someone else remotely on another device (or stole my Apple account in some other way)?


I signed in to my account on appleid.apple.com from the redirection link in the email, realised that the email was not legit in the evening and changed my Apple ID password at night. There appears to be a $1 pending Apple Music payment in my bank account, which I have not made.


So my questions are:

1. Is my account safe now given that I have changed my password?

2. Is this email for sure fraudulent? And if it is, since it redirects me to the official appleid.apple.com, how does it actually steal my personal information?

Posted on Apr 16, 2018 9:15 PM

Question marked as Best reply

Posted on Apr 16, 2018 9:57 PM

It is definitely fraudulent. Was it an https link?


I'm not fluent on how criminals spoof URLs (or phone numbers, for that matter - they are constantly calling me with a caller ID for my local medical center), but I'm guessing that whatever site you went to, it was a fraudulent site as well.


It's good you changed your password, but if you are seeing a pending charge for $1 then that may be indicative of an additional charge that may come in. Or, it may have simply been a pending charge to check the account being charged. I would recommend that you contact your bank or credit card company and ask to speak to their fraud division. You will probably need that card cancelled.


Here is a support article that may help: If you think your Apple ID has been compromised - Apple Support


Get your payment method cancelled, and I would also highly recommend that you set up Two-Factor Authentication if you haven't already: Two-factor authentication for Apple ID - Apple Support.


Be sure to set up more than one Trusted Phone Number when you set up Two-Factor. You can use any phone number that you have access to that can receive an SMS (i.e. an Android, for example), or any phone that can receive a phone call (a landline, for example). It can be anyone's phone number that you trust (Mom, for example). You need more than just your iPhone number to ensure that you will always have somewhere that you can receive a Verification Code. If you don't have access to any device or phone where you can get your Verification Code, you may have to use Account Recovery, and that can take from several days to several weeks.


Best,


GB

Apr 16, 2018 10:06 PM in response to gail from maine

Thank you Gail!


The redirection link was: ****


After I clicked into it, it took me to appleid.com with this url ****


...oops, I just realised that ".com" is immediately followed by "-lang-en-us-......" when I opened it from my Mac... It looked so legit


I guess the $1 pending will be the authorisation hold to confirm that my account was active. This was probably for last night when I cancelled my payment method from my apple account, but later added it back.


And yep I'll get a replacement credit card just in case! Thank you so much!


[Link Edited by Host]
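
The detail noticed in the reply above (".com" immediately followed by "-lang-en-us-...") describes a hostname that begins with a trusted name instead of ending with it. The following JavaScript is an added example, not part of the original thread: it classifies a link by the end of its hostname, using constructed URLs on the reserved `.example` domain rather than the redacted link. The `TRUSTED_DOMAINS` list and the function names are assumptions.

```javascript
// Added example. TRUSTED_DOMAINS is an assumption: the domains the reader
// actually expects to sign in on.
const TRUSTED_DOMAINS = ["apple.com"];

// A host belongs to a domain only if it IS that domain or ENDS with "." + domain.
// Browsers read hostnames right to left, so text placed before the real
// domain (however familiar it looks) does not change who owns the site.
function isUnderDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function classifyLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid", host: null };
  }
  // Normalise case and a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:") return { verdict: "not-https", host };
  if (TRUSTED_DOMAINS.some((d) => isUnderDomain(host, d))) {
    return { verdict: "trusted", host };
  }
  // The trusted name appears somewhere in the host, but not at its end:
  // the pattern described in the thread.
  if (TRUSTED_DOMAINS.some((d) => host.includes(d))) {
    return { verdict: "lookalike", host };
  }
  return { verdict: "untrusted", host };
}

// Constructed sample links (not taken from the thread).
const SAMPLE_LINKS = [
  "https://appleid.apple.com/account/manage",
  "https://appleid.apple.com-lang-en-us.account-check.example/signin",
  "https://notapple.com/signin",
  "http://appleid.apple.com/",
  "https://billing-notice.example/cancel",
];

for (const link of SAMPLE_LINKS) {
  const { verdict, host } = classifyLink(link);
  console.log(verdict.padEnd(10), host);
}
```

An HTTPS padlock alone does not distinguish the first two samples; only the right-hand end of the hostname does.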

Apr 16, 2018 10:03 PM in response to chen280

Hey, chen - just a note. Did you get this email on your Mac? The reason I ask is because I was curious as to where your link would take me (I'm going to ask the hosts to edit it to protect future readers), and my Firefox browser displayed a completely red page with "Deceptive Website Detected" in large letters. Then gave me the option to "Go Back" or to "Continue". So, if you were on your Mac, you might want to look into Firefox for your browser 🙂


Best,


GB
