Phishing emails are usually a way to get your login credentials for a service you subscribe to; it could be your bank account, your iCloud account or Gmail. Apart from their bank account details, a lot of people are very relaxed about their other account details, saying that they don’t have any secrets or asking, “Who is going to care about what I have?”
Before I give examples of how phishing can affect you, let me briefly explain how it is done:
- You get an email from what looks like your email provider (Google, for example) telling you that your email will be disabled unless you activate it within 24 hours, with a “click here” link to keep it active, for example:
Dear Tech,
We inform you that your INTERNAL ACCESS (iLog & iDesk) will expire in less than 24 hours.
And essential to carry out a verification of your data, except your username will be destroyed.
Just click the link below and complete all fields with information ask.
NOTE: If IGNORE this email your account has been suspend.
Sincerely,
Apple Internal Staff
- Once you click on the link, it takes you to a login screen that looks like the Google login. You unsuspectingly enter your user name and password and hit OK, and BANG, they have it. After that it may take you anywhere to cover their tracks.
- What they can do with your login info can be pretty damaging. For example, they send an email on your behalf to all your contacts that looks like this:
“How are you doing. I really hope you get this fast, my sister was diagnosed of Kidney disease in Phillipines must undergo Kidney transplant in order to save her life, the news of her illness got to me as an emergency so i had to quickly rush down here…Her health condition is not improving.
I would have called you but my phone keeps displaying No signal due to bad network.She’s in so much pain right now and needs to be operated ASAP. I have got only $3,950 left but the doctor has demanded for $6,550 cash deposit before carrying out a surgery on her, so i really need your assistance with the balance $2,600 as loan, I’ll refund it to you at my return.”
- Now, if you have an email service that includes contacts (Gmail or an Exchange service), they will not only send to all your contacts but also delete your contacts, so you can’t follow up with your contacts to warn them of the fraud.
Another example of very dangerous phishing targets your iCloud password. In addition to everything in the Gmail example above, chances are you have an iCloud backup that contains your phone backup or your iPad backup, which means they can restore any iPad with your data and have access to all your private content: pictures, notes, etc.
Now, how do you identify whether an email is phishing? Look at 3 things:
- The sender’s address: does it look real? You can look at the header of the email and see who it is really coming from.
- The greeting: does it have your name or your email, or something like “Dear customer”?
- The link: is the link really what it says? You can find this on the Mac by hovering the mouse over the link, and it will show the real destination.
- If you miss the first 3 checks and end up clicking on the link, then once you are on the site and about to put in your password, look at the certificate verification. Any site that asks you for a login should be secure, and you should see a padlock in the browser’s address bar indicating that the site is who it says it is.
For more detailed instructions, see: https://support.apple.com/en-ca/HT204759
- Most important: if you are not confident of the link, don’t click on it. Just go to your browser and type the address of the website yourself to log in and find out whether there are any issues with your account.
I hope this is useful and that more people become aware of how to fight this extremely serious matter.