Check Point Research recently warned that criminals are taking advantage of the COVID-19 crisis with a wave of fake emails that try to get people to share their security information.
Catch a phish
According to the research, Apple is the most widespread brand in these fake emails.
Phishing is the practice of sending emails or other messages that masquerade as legitimate branded communications, to get people to access the service through unsecured servers and share their login passwords and credentials.
Criminals can then use this information to undermine account security, dig deeper into your identity for more sensitive data, or even sell your data to other hackers on the black market.
This is a threat to the personal security of every user, but this wave of attacks also threatens your company, your employer, and other security measures.
Advanced attackers are known to investigate target companies to find vulnerabilities among multiple employees and to penetrate secure systems.
What is the best defense?
Education, of course.
Employees (and employers) need to learn how to spot a phishing attack. It is good for them and also for the business. The FBI’s Internet Crime Complaint Center reported $57 million lost in 2019 due to phishing scams.
It is useful to invest the time to understand how these scams work and to take a few simple steps to protect yourself from them.
How do they normally work?
The scenario usually involves an unexpected email from a well-known brand. It can invite you to check your account, be an invoice for an item you haven’t bought, or take other forms – even a harmless-looking message with a “click here” link can carry some kind of payload.
The most common phishing emails claim to come from a trusted brand and can take one of the following forms:
- Unexplained blocking of your account.
- A request for payment for something that you have not bought.
- A web address that is slightly different from what you would normally expect.
- A request for private information, such as bank details.
- Bad grammar or misspellings.
- Supposedly from a company or service that you already know you are not using.
What should you do?
- If you receive an unexpected email that claims to come from Apple or someone you normally trust, you should first check the sender’s email address. Does it seem normal? Is it slightly different from the email address you normally get things from? If it seems suspicious, it probably is.
- It’s worth checking the greeting used in the message: if something general like “hey sweetheart” is used or a link is provided to update your payment details, it is most likely a scam.
- Do not click a link in an email or message unless you are absolutely sure that it is trustworthy.
The best protection is never to click a link to your account that is included in an email. Think about it: in most cases, real problems with your account will appear in your account settings when you access them online with your browser.
It takes a few extra moments to open Safari, manually visit your account page and sign in (without using a link in an email), and check whether you’ve received a notification of an issue. If you don’t find such a warning, it is most likely an attempted phishing attack. You can also contact customer service to check this.
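The checks listed above (sender address, link destination, greeting) can be expressed as a small triage script. This is an added example, not part of the original article; the trusted-domain list, the extra greeting phrases, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the claimed brand really sends from and links to.
TRUSTED = {"apple.com", "icloud.com"}
# "hey sweetheart" is the article's example; the others are assumed phrases.
GENERIC_GREETINGS = ("hey sweetheart", "dear customer", "dear user")

# Constructed sample message (not a real email); .example hosts are reserved.
SAMPLE = """\
From: Apple Support <support@apple-id-verify.example>
To: user@example.org
Subject: Your account has been blocked

Dear customer,
Your Apple ID is blocked. Update your payment details at
http://apple.com.account-check.example/login to restore access.
"""

def registrable(host):
    """Naive last-two-labels domain; use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, brand="apple"):
    """Return a list of warning strings for a plain-text (non-multipart) email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    findings = []
    # Check 1: display name claims the brand, but the address is elsewhere.
    sender_domain = registrable(addr.rpartition("@")[2])
    if brand in display.lower() and sender_domain not in TRUSTED:
        findings.append(f"sender domain {sender_domain} does not match brand")
    # Check 2: every link must be https and stay on the brand's own domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            findings.append(f"link not https: {host}")
        if registrable(host) not in TRUSTED:
            findings.append(f"link leaves brand domain: {host}")
    # Check 3: generic greeting on the first line of the body.
    lines = body.strip().splitlines()
    if lines and any(g in lines[0].lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    return findings
```

Calling `check_message(SAMPLE)` returns four findings for the constructed message; a message sent from and linking only to the trusted domains returns an empty list.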
How to protect yourself
There are steps you can take to secure your digital existence against such attacks:
- Never share your Apple ID password or verification code with anyone. Apple never asks for this information in order to provide assistance.
- Use unique and complex passwords for all of your accounts, especially the most important accounts.
- Use multi-factor authentication wherever you can, especially for commonly targeted services like iCloud, Google, and social media.
- Always keep your operating system up to date on your mobile devices, PCs and Macs. Set them so that they are updated automatically.
- Keep Safari up to date.
- Always check the domains – never enter sensitive information on a website with a URL that doesn’t start with https. Always look for a closed lock symbol near the title bar.
- Back up your data. Business users should insist that remote employees back up data daily – ideally on a system that is not connected to their network or on their own highly secure online archiving system, if available.
- Check your online accounts to make sure no one is quietly abusing them.
- Always check Safari’s password feature to ensure that you are using unique passcodes for every site or service you use.
What can I do if I fell for a phishing scam?
If you have fallen for a scam and know that you have shared important confidential information, the first thing is not to panic. The second is not to ignore it.
- If your Apple ID has been compromised or you may have entered your password or other personal information on a scam website, change your Apple ID password.
- Visit Identity theft and follow the recommended steps for the data you’ve shared.
- If you think you may have been tempted to download malicious software, you should run a malware checker and update your system.
- If you receive phishing emails, you can forward them to reportphishing@apwg.org. You can also report these attacks to the FTC.
- If you receive a suspicious email claiming to be from Apple, forward it to reportphishing@apple.com.
Stay safe.
Additional resources
I want to try to develop useful resources for businesses and individuals who use Apple as our working life changes in response to the pandemic. Please read these additional reports: