It’s a new year and phishing emails are at an all time high. Let’s start out by discussing exactly what is a “phishing email”. The textbook definition of phishing is:

”The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.”

The fact is, it’s when some person or group of people try to trick you into thinking they are reputable to give them your personal data. This screenshot below is a pretty good Phishing Email that I personally received at the start of the new year. The attackers are pretending to be Apple, and even structure the email to resemble an email that Apple automatically sends out. Let’s look at the Phishing Email, and another Legit Email that I received from Apple to look for differences.

Here are a few tips to look out for when you receive something disreputable like this email that I received.

1.) Always be suspicious.

Does the email feel a bit off to you? If it does, it most likely is!

2.) Always check the sender display name and email address.

The phishing email sender name comes through as “App Update“ but the address is “jesss……..bro8766@bee…….od.app“

The correct email from Apple comes through as “Apple” and the address aligns with it being “noreply@email.apple.com”.

3.) Don’t ever click a link in an email that feels suspicious to you. Verify it first!

The phishing email shows the display URL of iforgot.apple.com. That address is actually a valid legit address. The iForgot.Apple.com web address is where you do indeed reset an Apple ID Password, but the fact is this Phishing Email is simply using this as the Display URL and actually re-directing the link to “https://t.co/zvM………...”
I’m not putting the actual link so no one who reads this accidentally clicks on it.

The legit email from Apple shows a Display URL of “https://appleid.apple.com/” and an actual link that aligns. ✔️

Additionally look at the links at the footer of the email. The Phishing Email simply has the words that are not linked:

Apple | Support | Privacy Policy

When the official email from Apple hyperlinks them to the appropriate web addresses.

4.) Don’t be pressured into thinking one of these emails are “time sensitive”.

Apple would never send out an email notification to you stating that you must take an action on something like this or a service will be “permanently disabled”. Apple is a big proponent of end user privacy and security. I have heard of an account being locked or disabled due to a security issue, but those are never “permanent”. Apple will do all they can to protect your privacy, and will always look to get you up and running as long as you can properly verify your account.

This email can be persuasive, because the fact is to really do anything in the Apple ecosystem you need a properly functioning Apple ID. For things like Messaging, FaceTime, App Store, iTunes Store, iCloud, etc — you get the picture… an Apple ID becomes a digital identity for you in the world of utilizing your Apple product to the fullest extent.

5.) Beware of spelling errors, odd amounts of spacing, misplaced logos, and a lack of or incorrect punctuation.

A lot of times attackers are moving fast, and they will include a spelling error or errors in their attempt to trick you. We can also look at the two email examples from above and take notice of the  logo and how it’s placed. In the Phishing Email the logo is pixelated, and not exactly spaced correctly. If we look at the correct email from Apple the logo is more defined and placed in line all the way to the right with the rest of the message.

If you receive an email like this, mark it as SPAM so if the attacker emails you again the message might not even hit your inbox, but be directly moved to your SPAM folder.

The fact is, you my friends are the best line of defense to not fall for one of these phishing attacks! You hold the power with your technology and digital life, please be sure to protect it well. Stay safe out there.