Apple Password Reset Scam

Kremlin Watcher

Member
SoSH Member
Sep 20, 2005
5,248
Orleans, MA
I got a very official-looking email just now that my AppleID password had been re-set. I didn't re-set it, so I clicked on the link to fix it and it shot me straight to a site that was either malware or a simple scam to get my Apple password. My computer went nuts so I quit out immediately and went to the real Apple site and changed my password. I think I'm OK.

So be on the lookout for an email from Apple to re-set your password. Do not click the link; go to Apple.com in a new tab and do it from there.

Edit: the giveaway is at the bottom of the message in the Apple address:

Copyright © 2015 Apple Inc. 1 Infinite Loop, Cupertino, CA 95014, United States.‏ All Rights Reserved.
Note the mistyped characters.
 

gtmtnbiker

Member
SoSH Member
Jul 15, 2005
1,803
You should be able to do a mouse over on the link to see what the URL is without going to the site. If it's not Apple.com, then it's bogus.
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
32,003
Alexandria, VA
You should be able to do a mouse over on the link to see what the URL is without going to the site. If it's not Apple.com, then it's bogus.
Always type in a URL or go to the bookmarked site directly if you're going to enter a password or other sensitive data. Never click a link in an untrusted email and type in a password. Hovering over the link and looking at it is insufficient because there are international characters that look nearly identical to English/Roman characters:

аpple.com
apple.com


One of those begins with an English "a" and is the Apple computers web site. The other begins with a Cyrillic "а" and could be to a Russian credit card scammer's site. It's a more sophisticated version of linking to appIe.com (with a capital I instead of a lower-case l) and hoping that those characters look the same in the target's font or that they don't look too closely.

https://en.m.wikipedia.org/wiki/IDN_homograph_attack
 
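An added example, not part of the original posts: a small Python check that makes the lookalike hostnames discussed above visible by reporting the scripts in each label and the ASCII ("xn--") form that is actually looked up. The function names and sample hostnames are constructed for illustration, and the check uses Python's built-in `idna` codec.

```python
import unicodedata

def label_scripts(label):
    """Scripts present in one DNS label, taken from the first word of each
    character's Unicode name (e.g. LATIN, CYRILLIC). Digits and '-' are skipped."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not (ch.isdigit() or ch == "-")}

def inspect_host(host, expected):
    """Compare the hostname from a link against the domain the reader expects."""
    findings = []
    normalized = host.lower()  # DNS ignores case, so compare the lowercased form
    if not normalized.isascii():
        findings.append("non-ASCII characters")
    for label in normalized.split("."):
        found = label_scripts(label)
        if len(found) > 1:
            findings.append("mixed scripts: " + ", ".join(sorted(found)))
    try:
        # The ASCII ("xn--") form is what is actually looked up in DNS.
        wire = normalized.encode("idna").decode("ascii")
    except UnicodeError:
        wire = None
        findings.append("cannot be encoded as a hostname")
    matches = wire is not None and (wire == expected or wire.endswith("." + expected))
    return {"wire": wire, "matches_expected": matches, "findings": findings}

# Constructed sample hostnames; the Cyrillic "a" is written as an escape so it is visible.
SAMPLES = ["apple.com", "appleid.apple.com", "\u0430pple.com", "appIe.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(repr(host), inspect_host(host, "apple.com"))
```

The capital-I variant produces no script findings because it is plain ASCII; it is caught only by comparing the lowercased name against the expected domain.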

gtmtnbiker

Member
SoSH Member
Jul 15, 2005
1,803
One of those begins with an English "a" and is the Apple computers web site. The other begins with a Cyrillic "а" and could be to a Russian credit card scammer's site. It's a more sophisticated version of linking to appIe.com (with a capital I instead of a lower-case l) and hoping that those characters look the same in the target's font or that they don't look too closely.

https://en.m.wikipedia.org/wiki/IDN_homograph_attack
Thanks for sharing this. I knew about the English version but didn't know about the Cyrillic approach. Very clever.
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
32,003
Alexandria, VA
Thanks for sharing this. I knew about the English version but didn't know about the Cyrillic approach. Very clever.
Most browsers attempt to protect against that sort of thing but the techniques are variable and often leave some of those avenues still open.

So the safest thing is to always manually enter the bank's URL in the browser (or use a bookmark) and never click on it in an email.