Comments

tj_ward t1_j8ocw83 wrote

No. Don’t click that link and don’t put your password in. To be safe, you can go directly to Apple’s site and change your password there. Looks phishy to me.

72

csch1992 t1_j8oegz2 wrote

Just check which email this is coming from.

0

Creyons t1_j8oi0c6 wrote

The grammar mistakes on the bottom of the button are enough to question the legitimacy.

5

Wing_Anxious t1_j8oi2ts wrote

No. Official emails from Apple will address you by name. Also, the wording in this email is completely off.

11

mustangs-and-macs t1_j8oiem1 wrote

“you have to completing Verification before 12 hours” made me laugh. Do they not have grammar check on whatever software they come up with the scam text on?

4

pOmelchenko t1_j8okopp wrote

You can check the email address this email was sent from. Maybe in the … menu you can find more information about this email.

3

babycatsXXXIII t1_j8on489 wrote

Apple emails don’t have the generic Google profile pic; the official profile picture is the company logo.

2

NULL4546 t1_j8oo11u wrote

Whoever wrote this definitely dropped English as their second language in high school 🤦🏻‍♂️

2

Casual-Gamer25 t1_j8oo1ls wrote

Jeez, scammers should really invest in Grammarly; the amount of grammatical errors is astonishing.

2

Notyourfathersgeek t1_j8op0fk wrote

Some mail that wants you to do something before some time has elapsed if you don’t want to die a horrible death is almost never ever ever ever legit.

2

DarkNet-Magic t1_j8orfec wrote

The misspellings and incorrect grammar alone should tell you this is 100% a scam.

Another thing you can do though when you’re unsure, is tap on the sender’s name, and it will show you the email address of where it came from. If it is not from an official company domain, then it is a scam. In this case, it would have come from an “@apple.com” domain, but I can tell you for a fact that it didn’t.

CashApp scams are a big one to look out for. You’ll get an email with the sender name of “CashApp”, but when you tap on the name, the email will be an “@gmail.com” domain, which is obviously not official.

3
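The display-name versus sender-address check described in the comment above, as an added example that is not part of the thread. The brand-to-domain map, the finding labels and the sample headers are assumptions constructed for illustration; the DMARC check is included because the From address itself can also be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> official sending domains (illustrative; verify before relying on it).
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "cashapp": {"cash.app"},
}

def _is_official(domain, allowed):
    # Exact match or a true subdomain; "apple.com.evil.example" does not qualify.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of findings for one raw message (headers are enough)."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    _, at, domain = address.lower().rpartition("@")
    if not at:
        return ["no-sender-address"]
    findings = []
    # Display names are free text chosen by the sender, so compare them to the domain.
    claimed = re.sub(r"[^a-z0-9]", "", name.lower())
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not _is_official(domain, allowed):
            findings.append(f"brand-domain-mismatch:{brand}")
    # Only trust the From domain when the receiving server recorded a DMARC pass
    # (this header is meaningful only when added by your own mail provider).
    results = " ".join(msg.get_all("Authentication-Results", []))
    verdict = re.search(r"\bdmarc=(\w+)", results)
    if not verdict or verdict.group(1).lower() != "pass":
        findings.append("dmarc-not-pass")
    return findings

# Constructed sample headers (not taken from the email in the thread).
SAMPLES = {
    "fake_apple": 'From: "Apple Support" <noreply@apple.com.verify-id.example>\n\n',
    "fake_cashapp": ("From: CashApp <payments.team@gmail.com>\n"
                     "Authentication-Results: mx.example; dmarc=pass header.from=gmail.com\n\n"),
    "plausible_apple": ("From: Apple <no_reply@email.apple.com>\n"
                        "Authentication-Results: mx.example; dmarc=pass header.from=apple.com\n\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```
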

DarkNet-Magic t1_j8osvyf wrote

If you clicked on the link, change your Apple password immediately.

Phishing links like this (usually) simply just require you to click on them, then it immediately sends your credentials for the account they’re trying to access back to the scammer. A major red flag that is what is happening, is if you happen to click the link, and it opens up the application on your phone. That tells you that they just got your username and password for that account. However, just because you click the link and the application doesn’t open, doesn’t mean they still didn’t get your credentials.

Never, and I mean, never click on links that you don’t recognize, or have any doubt toward their legitimacy. Better safe than sorry by just not clicking the link to begin with.

Again, since you did click the link, I highly recommend changing the password for your Apple account immediately. Even if you clicked the link and immediately exited out, it doesn’t matter. If they were phishing for your information and just needed you to click the link to get it, then they got it as soon as you clicked.

I’ve worked Cyber Security for a very long time now, I see scams like these all of the time, have learned how to identify them pretty quickly, and figured out what they do and how they do it. Always be on the lookout, some of the emails I’ve seen look pretty damn legit, but there is always a way to point out a fraudulent email from a real one.

2

Quick_Abbreviations4 OP t1_j8ot6zx wrote

Thing is, I wasn't suspicious of the email. Since I'm not a native English speaker, the words just went past my brain and I read them the way they were supposed to be written. I was suspicious when I opened the link. While it was loading I glanced over the link and it just didn't seem right so I left the site before it even loaded.

5

alphinex t1_j8ow3es wrote

Ehem… with HTML only you can’t gather any information. And with JavaScript, you can’t get that much as well.

I would assume, as long as you are not giving any information yourself, you are more or less safe on the web.

The only way to gather more information without letting the user know about it is using a vulnerable bug (one of those was fixed in iOS 16.3.1), but I don’t know how far you will even get with that.

4

RedRose_Belmont t1_j8oxj9q wrote

Best way is to try to log in to your Apple ID from a secure connection that you initiate: do not click on that link.

1

DarkNet-Magic t1_j8p30qe wrote

As long as you haven’t noticed any fraudulent activity within your Apple account, then you should be fine.

If you wanted to be extra cautious, you would also change the passwords of any other accounts that use the same password as your Apple account (if applicable), or at the very least, change the password of any accounts that use the same email address and password of your Apple account (if necessary).

Not all scammers are clever enough, or care enough, to tap into other accounts that use the same credentials, but it’s very common that they may try. They may also be phishing for the purpose of mass collecting credentials to sell on the darknet.

Again, that’s if you want to be extra cautious, but as long as you change your Apple password you should be alright.

1

Standard-Plan1506 t1_j8p4jh1 wrote

Sorry but that’s bs, clicking the link won’t give away anyone’s password. That’s why they’re trying to scam you into typing it yourself. You have to allow a website or an app to log in using your Google or Apple login; and even if you do it’s encrypted anyway, no one’s gonna see it.

1

DarkNet-Magic t1_j8p4rx9 wrote

It varies by how the programmer sets up the phishing link (there are also tons of templates scammers can grab online to make basic phishing links as well). But the way it works in most cases, is once you click on the phishing link, it then directs the code to open the application they are attempting to grab the credentials for. Once it opens the target application, it uses the credentials saved in the application (like when you open the application and it is automatically signed in), it then shoots those credentials (email and password) back to the scammer in a .txt file.

These guys literally get incredibly long lists of emails and passwords for the application they are targeting, go through and access those accounts so they can have access to your saved financial information, steal it, or use it to send themselves money.

2

DarkNet-Magic t1_j8p6wm7 wrote

Clicking a link absolutely will jeopardize your password. Albeit many phishing links aren’t that complex or intricate, but they are more common than you think.

I do pen-testing in my free time on the side, you would be amazed how often I come across those types of links. Apple accounts are more difficult to bypass, sure, but encryption isn’t an automatic guarantee of security, it just requires a little more complexity in the scripting.

1

NotAxorb t1_j8p71vt wrote

Nope, fake. The crappy grammar and the use of Times New Roman font at the bottom is a dead giveaway for me.

2

DarkNet-Magic t1_j8padjz wrote

I am not making anything up. Why would I have a reason to lie to a stranger on Reddit? If you haven’t come across those types of phishing links, that’s good for you, but to blatantly deny they exist is pure ignorance.

1

DarkNet-Magic t1_j8pbzp2 wrote

I never said I was a “security engineer”. I said I work in Cyber Security, which Pen-Testing falls under.

Better yet, I’m not wasting nearly two hours creating a phishing script to prove a point. Again, a stranger on the Internet doesn’t mean anything to me.

With that being said, I conclude my conversation with you.

1

Cool-Click1253 t1_j8pdlbr wrote

I’m a web developer and I can confirm this is 100% accurate, just don’t visit suspicious links anyways just so you’re extra safe in case they’re utilizing an unknown vulnerability

3

SolosSMP t1_j8pf840 wrote

That’s a phishing scam. Don’t click it. Report and delete it.

1

SaverPro t1_j8q7r4d wrote

Definitely a scam. Apple doesn’t force you to sign in right away. You can take as long as you want resetting your password, heck, they even say it might take a week for them to verify you.

1

Standard-Plan1506 t1_j8r7aa2 wrote

You're talking about session hijacking, mate, you need an exploit to make it work. The idea that you can create a phishing script in 2 hours to steal data from iOS is ridiculous. And it's not going to produce a txt with login and pass, that's complete bs. You're familiar with 2FA, right?

1

justina081503 t1_j8rqefc wrote

Typically if you have to ask if it’s real it probably isn’t real.

1

alphinex t1_j8swepz wrote

XML can’t do anything more than HTML. What’s your point? There is literally no logic in HTML or XML.

Please just take the advice by u/Cool-Click1253 and me, seems like we are both web developers, maybe both with some decades of experience (but we can still be wrong). You can’t gather sensitive information (or any other) via XML or HTML (based upon XML btw…). HTML is only a HyperTextMarkupLanguage, no programming language. It’s only to describe the structure of the page which should get (mostly visible) rendered.

But still, you are right that you shouldn’t click the link in the first place, if it looks suspicious.

1

BigSadOof t1_j8sy513 wrote

Tim Apple wants to know your location

1

trobot47 t1_j8t2460 wrote

I’m sure this has been stated. The verbiage in this post is alllllll out of whack. Don’t touch that with a 10ft pole.

1

imomo t1_j8ul7yl wrote

Check the email address of the sender

1