Phishing attempt, supposedly from Apple

Just a warning to all. I just received what appears to be a phishing
email t)hat appeared to be (but wasn't) from Apple. The subject of the
email is: "Important Notification", and the content is: "As we strive to
secure your account, please be informed to upgrade to our latest
security platform here.
Your privacy and protection is our concern.
Apple Support".
 
If you go to the site by clicking "here" (no, I didn't do that-I just
looked at the preview in Mail), you will see that they ask for all kinds
of personal information, including your credit card number and security
code, mother's maiden name, etc.

 

Beware of people writing in English that obviously don't know it well.

And, feel free to enter bogus/insulting/etc data here. Heh.

Billy Y..

 

I get 2 or 3 per day of these. They come in English, French, German,
Italian, Spanish and various eastern European languages. I open the odd
one for potential entertainment (filling the fields with comments about
their mother and so in occasionally therapeutic).

Mainly I ignore and delete them.

 

I do that manually on occasion when sufficiently moved - but perhaps I
need to set up an autofill to do it.

 

So, not native English speakers then...

 

Yep, I got the same damn thing. Promptly marked it a s-h-i-t and went on my
way.

If they don't have my name, f--k em...

 

Nobody should be using a email client that displays HTML as HTML, and
doesn't have a "view source" option.

"view source" is the best way to see if an email is legit or not. (the
"Received from" headers provide very good information. An Apple email
doesn't come from aol for instance),

 

Hovering the mouse over the link in many applications will also display
the real address from the source code. That's usually enough to tell
you it's a fake. Even if it doesn't say something completely obvious
like "astrohackers.com", it will usually try hopelessley to hide the
fact with something silly like apple.xyz.ru.

The problem can be legitimate links in email newsletters generated by
places like MailChimp. These often use coded links which then
auto-redirect - the coded link is used by the sender's MailChimp
account for statiscal purposes to see how many people clicked the link.

 

"Apple <>" was the bullshit address in this case.

 

Agreed that an Apple email doesn't come from aol, but with all this cloud
stuff, some mails from large companies are coming from domains that aren't
the ones you would expect. They should pay more attention to details
like this.

 

Yeah, but if you use the basic rule of "don't click in email", you
generally don't run into issues. If I get an email from what is
supposedly a place that might be of interest, I just go to that place
outside of email. If it is legit, the action/info will be there, if it
isn't then the email was bogus.

Beats the hell out of 'viewing source' and having your eyeballs get
tired trying to read though all the crap those phoney emails have put
there imo.

 

Yep. Though on some obvious phishes I can't resist checking out the
link. Very often Chrome flags it as a phish in any case.

 

This is why, in my email client, I specifically implemented phishing
tooltips: hover the mouse over a supposed URL and get a tip telling you
where you will *actually* go if you click it.