Phishing mail from Apple

Phishing email is as old as the public use of email. Through the years, they are getting more and more convincing though. Even though the bulk of spam email is still recognizable as such at first glance, phishing mails are looking more realistic than ever.

phishing mail from Apple (not)For example, look at this phishing mail I got from ‘Apple’ today. It even threatens to destroy my ID! This sounds a little fishy to me, because Apple always chooses it’s words very carefully and would not use ‘destroyed’ easily. Also, Apple never uses the term ‘iTunes ID’ because it doesn’t exist, nor would they abbreviate 48 hours to ’48 H’.

Many people wouldn’t notice such tiny give-aways though and would be tempted to immediately click on the inviting blue links, to find out what the heck is going on.

Let’s do some more investigation first. Notice that the sender has an email address that ends on This is odd because it doesn’t sound like anything Apple would use. However, even if it said ‘’, this would mean nothing, because it is easy to fake! It’s easy to give an email a different sender or replay address.

Be careful and always check the real urls first

When in doubt, don’t click it. There’s an easy way to check where links really lead to. Just roll-over the link in this mail in OS X Mail and see what the URL domain name ends with. In this case it’s a site called ‘’. Again, not something that rings a bell with Apple users.

Another deceptive trick is to spell out a real ‘’ URL in the mail, while actually putting a different URL underneath the text.

The next trick to look out for, is of course, deceivingly ‘close’ domain names, like, or instead of

What if you don’t use OS X Mail?

Other mail applications have similar options. If you don’t see the link on roll-over, right-click or ALT-click usually brings up a contextual menu with the option ‘show URL’ or copy URL, so you can paste it in a text before you click it.

Other options

Still in doubt? Don’t use the link in the phishing mail from Apple but go to the Apple support yourself. Or whatever company the mail touts about. That way, you know for sure who you are dealing with.

Another way is to use the old-fashioned phone and call the company it’s about. You can also copy a part of the text and Google it, in combination with the word ‘hoax’, or ‘phishing’. You’d be surprise how much fake mail there is..

Update: iTunes from Android Store?!

Screendump of an iTunes-android-phishing-mail

This one is funny too. An iTunes document on your bank account on Android? Very badly translated.

Geef een antwoord