LEWISTOWN - Pennsylvania State Police have issued a bulletin about an Apple ID phishing scam.
Phishing is the criminally fraudulent process of attempting to acquire sensitive information, such as usernames, passwords, and credit card information, by disguising electronic communications to appear webpages and installing key loggers, root kits, and other forms of malware, police said.
Phishing often involves spoofing, which occurs when a forged email appears to be sent from someone other than its true source, police said. The spoofed emails are used to gain the potential victim's trust and convince him to provide personal information, including passwords, credit card numbers, and bank account information, police said.
Recently, Apple users have received emails that appear to be part of a phishing scam, police said. The message informs the recipient that his Apple ID has been temporarily suspended and instructs the user to click on a link to a remote site that requests his account and password information, police said. The remote site is not authentic and is used to collect the victim's sensitive and personal information, police said.
This particular phishing scam attempts to collect usernames and passwords, although it is unknown how the information will be used, police said. Internet users should safeguard all their login information and never give it to anyone, police said. Legitimate companies will never ask for your login information by email, and individuals who have already fallen victim to this particular scam should immediately change their password, police said.
Police said general signs indicating a phishing scam are:
Misspelled words and poor grammar in the body of the email.
Links located in the message. Before you click on any link, hover over it with your mouse, but do not click. If you see a string of numbers instead of the website name, it is most likely illegitimate.
Threats located within the message. Emails will state that your security is compromised or that your account will soon be suspended.
Popular companies are typically chosen to be the front for a phishing scam, e.g. Apple, Microsoft, Facebook, etc.
The United States Computer Emergency Readiness Team provides the following recommendations to minimize the chances of becoming a victim of an email scam:
Set your email to automatically filter spam.
Install anti-virus software and keep it updated.
Install a firewall, set it to the highest level, and keep it updated.
Do not open an email attachment or click on a link in an email from someone you do not know.
Do not click on an email attachment that ends in .exe. It is an 'executable' file and, once downloaded, can do what it likes in your system.
When links sent in an email take you to a webpage and require you to login, do not provide any information. Always type in the domain name yourself or use your bookmarked links.
Require emails from IT or Help Desk personnel to always have a name and contact number.
If a "single sign-on" system is used, consider requiring additional and different passwords to access personal information stored in databases.