i215061438 Apple Icloud Phishing

Phishing

i215061438 pretending to come from Online-iApple <replyonline@online.apple.org> is one of the latest phish attempts to steal your Apple / Icloud account

This one only wants your Icloud/Apple email address log in and password

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

The original email looks like this It will NEVER be a genuine email from Apple / Icloud or any other company so don’t ever click the link in the email. If you do it will lead you to a website that looks at first glance like the genuine Apple / Icloud website but you can clearly see in the address bar, that it is fake. Some versions of this phish will ask you fill in the html ( webpage) form that comes attached to the email.

Apple

Hello [REDACTED]

You received one new message!

SignIn and View

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Thank you,

The iApple Team

Prefer to stop receiving these emails? Unsubscribe here.
Click here to view our privacy policy
Sitemap About us Terms & conditions Privacy policy Mobile site

If you follow the link behind Signin and view you are sent to http://wellingtonhomes.co.nz/fun.php?A4E141F5CE3B5BD17361B2E5C637EB41ECFEC0B9538521EBCCDCF274F788256B95F711D2EB4E9ADC8BA14548A7418F386BD633137DCF9C64786F92AD2B4CD and then forwarded immediately to http://icloudapple.com.id3432534641f6a850a564167e47e1fdd0fdacef8342d42f0ad67723570632.otrack.net/my9320applde9303id89342874jmkasdjahadwd/Login.php?sslchannel=true&sessionid=q0qv9sqHyiXheU68zw1YhoT4iAYUD4334tzeV0WujTLxOSGnoHlF6fKoPIjsNmwRQ66L72gqV2YKUE8j

It is quite easy to mistake the URL for a genuine apple site because you are instinctively drawn to the http://icloudapple.com at the start of the URL, where you should be looking at the last part before the first / otrack.net That clearly is not an Apple or Icloud site

If did click the link you would see a webpage looking like this where any email address and password gives you a message saying : Your Apple ID or password was incorrect. Forgot password? which is the link to the genuine Apple forgot password site

The links behind the unsubscribe and Click here to view our privacy policy lead you to the Romanian Security Team forum.

All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details.

Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.

Total
0
Shares
Leave a Reply

Your email address will not be published.

Related Posts