Vulnerability Management

Phishing email lures users into giving up Apple ID

Free is sometimes fishy. In the case of Apple's free OS X Mavericks update, it is also phishy.

Apple users who downloaded their free Mavericks update – the technology giant released the latest version of its OS X operating system, 10.9, for free earlier this week – are reporting they received a fairly authentic-looking follow-up phishing email.

Macworld posted about the circulating email in a Wednesday article.

What may immediately lure people in is that aesthetically the email has the feel of a classic Apple correspondence. Additionally, the subject line reads: ‘Your Apple ID has been frozen temporarily,' which may raise alarms for those recipients only passively glancing through their email.

However, there are telltale signs that will tip off most to this timeless hoax – the most immediate of which is the abundance of spelling and grammatical errors.

However, the most telling indicator that this is a malicious ruse is one that may be overlooked by some of the Apple community. The phishing letter says, “Dear Customer,” instead of using the user's name, as is standard with Apple. 

Although the email comes from “[email protected],” at least one variant comes via “,” an Indonesian domain. Furthermore, the ‘Verify Now' link contained within one of the emails, which asks users to click to “restart your information,” redirects to a Thai website that reportedly prompts people to input their Apple data. 

Anyone who falls victim to the scam will have given up his or her Apple ID credentials. It is unclear at this time whether the links contain any malware that is downloaded to the victim's system, which will compromise the user even further.

Community members are urging recipients to report the scams to [email protected].

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.