Malwarebytes says that Apple ID Phishing E-mail is Very Poorly Designed

Softpedia.com reported on 15th April, 2014 stating that security researchers of security firm Malwarebytes have intercepted an Apple ID phishing e-mail which is so feebly designed that no one would probably fall for it.

Some phishing e-mails enclose "security warnings" in an attempt to make the fake notifications look more authentic.

However in this case, recipients are informed in the beginning that this e-mail is a spam. The unformatted real body of the spam e-mail is displayed at the heart of the email.

Additionally, the email exhibits extra information at its end showing that it is spam and may be malicious.

The actual phishing notification tells the customer that his Apple ID was used to login to iCloud on an iPhone 4. If he recently logged into this device, he can ignore this e-mail. If he has not recently signed into an iPhone with his Apple ID and believes someone else may have accessed his account, he is requested to click on a link to re-confirm his account details and for changing his password.

Clicking the link redirects the user to a phishing page which is presently offline, says Malwarebytes.

Blog.malwarebytes.org published a report on 15th April, 2014 quoting a comment on the above phishing email campaign by Christopher Boyd, Malware Intelligence Analyst, Malwarebytes as saying that sometimes scammers get it correct and pull of witty and fine phishing attack however, several times, they go incorrect and you are left with scratching your head and thinking what on earth has happened. This is most likely a case of the latter."

Security experts comment that Apple is frequently targeted by phishing scammers like any other high-end companies. In November 2013, an email appearing from Apple was intercepted which asserted that Apple ID of the customer had been updated. The message notified that shipping and billing address information for the account was modified. As per the message, if the account user did not approve the change, he should click a link to update the account's password instantly. Users who panicked into clicking the fictitious link were in the process redirected to a fake Apple webpage, instead.

» SPAMfighter News - 4/24/2014