As you may know, I don’t usually send out anti-virus / scam warnings – my feeling is that a few common sense precautions and a healthy dose of suspicion should be sufficient to keep you safe. However, an attempt was made to scam me today which was convincing enough that I feel that I should warn you all – just in case you’re tempted to believe it.
I received a text message this morning warning me that my Apple ID had been locked, and inviting me to visit a non-Apple domain with an insecure website (note that the real Apple ID reset URL is https://appleid.apple.com). Note also that ICLOUD is incorrectly capitalised.
In the interests of research, I visited the URL (without being daft enough to enter my credentials):
Note that this page is a carbon copy of the official page – but the URL at the top is wrong, and it’s unprotected (no SSL – no padlock).
If you’ve fallen for this scam already then change your Apple ID password immediately (log in at https://appleid.apple.com) and contact Apple using the details on this page http://www.apple.com/support/contact/.
How could I tell that this was a scam?
- The alert came in as a text / iMessage rather than an alert box on my iPhone / iPad / iPod / Mac / PC
- The website that I was directed to was insecure (http rather than https) – you can tell by the lack of padlock.
- The domain had only just been registered, and is not registered to Apple.
I have flagged this issue with Apple Security. I’ll keep you posted of any updates that I might get.