On occasion, I see phishing spam in my inbox, just like we all do. These emails usually look fairly realistic, and always have a link to click for me to renew an account or pay a balance -- but since I'm a moderately savvy fellow, I generally avoid falling for them, and you should too.
Well, this morning an email allegedly from Apple told me I need to renew my iCloud account. After making a few screenshots, I deleted the email. Why? It's a phishing attempt, and not even a good one. Here's how to tell it's fake.
At the top of the email, the sender's address is completely wrong. A real Apple email would come from the apple.com domain, not "rep.store.com". Likewise, the App Store has nothing to do with iCloud accounts.
Next, the subject line is "!Cloud" (exclamation point-Cloud), not "iCloud." It's doubtful that Apple would let a mass email go without a quick proofreading pass. And let's not forget the logo. Really? Have you ever seen the word "iCloud" oriented vertically on an Apple site or communication?
The paragraph explaining the "subscription was set to renew" is so full of fail it's laughable. First, it should be iCloud "subscriber," not "member." Next, why put PDT behind the date, when no time is listed? Third, have you ever seen an email from Apple that is written in sentence fragments? "Attempt to do so has failed." "Please take a minute."
The biggest tell in the message, however, is the instruction to "log in to MobileMe." MobileMe no longer exists; it was replaced by iCloud. The biggest way to tell that this is a lame attempt at phishing, though, is that link. Legitimate emails sometimes include a link to a login page, but for more sensitive ones (financial, security and such) the best practice is to ask users to self-navigate to a specific site.
This link doesn't pass the sniff test. If you hover your mouse pointer over the "LOGIN HERE TO UPDATE" link, you'll see from the tool tip that appears that the link directs you to a completely different site than iCloud.com.
Yep, you're going to be directed to stor-pple.com, a page that has nothing to do with Apple. This is an extremely poor phishing attempt, since it's not even trying to steal your login. Instead, it's flogging gift and flower sites.
The correct link for Apple ID and iCloud security transactions, in case you were wondering, is https://appleid.apple.com -- note the HTTPS protocol, which will help ensure a secure connection between your computer and Apple's webserver. (I'm not making that a "real" link for the reason noted above; if you ever need to reset your Apple ID, be sure to type the URL in yourself, in a browser you trust, on a computer you control. Maybe even disable Java and Flash, just for extra protection.)
Other favorite phishing emails come from miscreants pretending to be banks, credit unions, insurance companies and PayPal. Probably your best defense is to never click on a link in a suspicious email, or use the "hover over link" test to see where the link is really going. In this case, the attempt was transparently fake, but be sure to be cautious in all of your online activities. If you're checking email from your mobile device where it may be more difficult to assess the provenance of a link, wait until you get back to your computer if you have any doubt -- or just go straight to the relevant site yourself, and be safer.
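The sender-domain check and the "hover over link" test described above can also be run mechanically. The Python below is an added example, not part of the original post: the message is constructed from details quoted in the article (the sender's local part and the URL scheme are made up), and the trusted-domain list and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("apple.com", "icloud.com")  # assumption: domains the claimed brand really uses

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it (no lookalikes)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, trusted=TRUSTED):
    """Return findings for a raw single-part HTML message: bad sender, off-brand links."""
    msg, findings = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not any(in_domain(sender_host, d) for d in trusted):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlsplit(href).hostname  # None for relative or malformed links
        if not any(in_domain(host, d) for d in trusted):
            findings.append(("link", host, text))
    return findings

# Constructed sample modelled on the email described above; not the real message.
SAMPLE = """\
From: Apple <noreply@rep.store.com>
Content-Type: text/html

<p>Please take a minute.</p><a href="http://stor-pple.com/">LOGIN HERE TO UPDATE</a>
"""

print(check_message(SAMPLE))
```

The suffix match in in_domain is what keeps a lookalike such as stor-pple.com from passing as apple.com; a plain substring test would not.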