Few days ago I received an email stating that my iTunes account has been hacked and I was required to enter a link to update my personal information. Immediately I knew that this is a phishing mail as I did not create my Apple ID with that email and the sender is “itunes@ituns.com”. However, I felt that the email does look very similar to emails sent by Apple as shown below.

yd2

The following steps are not recommended and I did it purposely to learn more about the scam. I use incognito windows on Chrome browser to enter the link given, whose domain is definitely not Apple.com. The page shown will ask to login so you have to insert your email and password. The style of the page and typography really looks like it is a page managed by Apple. Ironically,¬†“100% Secure” is shown in the upper left corner.

yd1

After I typed in fake email and password, I was required to fill in all my personal details, including your social security numbers and your credit card information. I guess you know what will happen after you give away these information. After you complete the form you will be directed to Apple.com.

yd3

Phishing mails using the name of banks are quite common and I received them almost once a week. However this is my first time receiving such phishing email so I would like to share it so that everyone can be aware of this. These are few tips I could think of when you are trying to identify the authenticity of similar emails:

  • Stay calm and read the email again. You might not have such account at all.
  • Check the email address of the sender. Check if the domain is correct. For this case the domain is “ituns.com” and you should know there is something fishy over here.
  • Check the person the email address to. For example, you will be greeted by your namein emails sent by Apple. In phishing mail there might be none. However, in some cases the phishing mail might address you correctly too.
  • If there is any link given, do not click on the link first. Place your cursor over the link and your browser should show you the link location. (Or you can copy the url and paste it somewhere else to read it). Examine domain carefully will help you here.
  • If you cannot determine if the authenticity of the email, do not click on the link given. Contact the right party via email or phone calls to check if the case is real.

For Apple product users you can click here to read the official guidelines given by Apple. So everyone please be careful of these phishing emails. Stay alert and you shall be fine.