There have been several different phishing attempts regarding Apple IDs lately. The emails attempt to get you to go to a nefarious website under the guise of a locked or suspended iTunes account or to get you to respond to some outrageous charge to your account.
While these attempts are iTunes-specific, I thought it might be a good idea to explain phishing and what you can do to protect yourself from the latest phishing scam.
What is Phishing?
Phishing is a fraudulent attempt to steal your personal information. It is usually made through an email. A phishing email will usually appear to come from a well-known organization. It will ask you for personal information, such as a credit card number, your Social Security number, account number or password. The email may appear to be from an organization with which you may or may not have an account.
For your personal information to be successfully “phished”, you must go from the email to a website. Phishing emails will typically ask you to click on a link in the email that will take you to a website where your personal information will be requested. Legitimate organizations would never request this information of you via email.
How do you safeguard yourself against phishing?
There are several things that you can do to safeguard yourself against phishing.
First of all, be suspicious of any email with an urgent request for personal financial or identity information. The email will typically state that this is a matter of utmost urgency. This is an attempt to get you to panic, click on the link and enter the information before you’ve had an opportunity to think this through.
Be wary of any email that asks for personal information. Reputable organizations do not ask you to update or provide personal information via email.
NEVER click on a link in an email. Period. Phishers ‘spoof,’ or forge, BOTH the “https://” associated with a secure website and a legitimate-looking URL. They may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. These are three good reasons to ALWAYS enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
Do not fill out forms embedded in email messages that ask for personal financial information. EVER. This type of information should only be conveyed by using a secure website or the telephone.
Make sure that you are using a secure website when submitting personal information online.
Ensure that your browser is up to date and that security patches are applied.
Routinely (at least monthly) check statements for any financial institutions that you deal with to make sure that there are no unauthorized transactions.
If you find that you have been ‘phished’, always forward the “phishing” or “spoofed” e-mails to the following groups:
◦ Federal Trade Commission at firstname.lastname@example.org
◦ the “abuse” email address at the company that is being spoofed (e.g. “email@example.com”)
You should also notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/
When forwarding spoofed messages, always include the entire original email with its original header information intact.