Apple ID reset Phishing EmailIf you receive this crafty email similar to below, then it beware it's probably a phishing email attempt that is recently going around.
|Subject: Your Apple ID was just used to download Candy Crush Saga from the App Store on a computer or device that had not previously been associated with that Apple ID. Your receipt No.1145624532|
How to tell this is a Phishing email ?
- Is email is from you to you, then it's phishing.
- Hover over all links in email, if it's not from the source site then forget it.
In above example, all the links and source images seem to be from Apple website. You can test this in the above example, since I crafted that from source HTML of the phishing email. Try it, hover over links to examine the source URL. Note: I have re-coded iforgot.apple.com to report pharus.com this as phishing site.
It the original phishing email iforgot.apple.com which points to spam site pharus.com.
- The best way is to look at message source
How to examine Email Message Source ?Now lets look at message source
- Outlook.com->Actions->View Message Source.
- Gmail.com->More (down arrow to top right)->Show original.
For this phony email, well look at the top 25 lines of the message, known formally as the "message header".
At line 23 you have Return-Path: email@example.com
and is suspect because domain was registered in Italy (.it) and nothing to do with Apple.
Aruba.it is being investigate for a Paypal phishing and has reported links to Italian Mafia.
These are valid return-paths for Apple
- Return-Path: firstname.lastname@example.org
- Return-Path: email@example.com
Why look at "Return-Path"? When the e-mail is put in the recipient's mailbox, a new mail header is created with the name "Return-Path:" containing the address on the MAIL FROM command. So it's a quick hit to determine authenticity.
Report Phishing Email (not as Spam)
- Outlook.com->Junk (at Top)->Phishing Scam
- Gmail.com->More (downarrow to top right)->Report Phishing
Report Phishing URLs pharus.com and aruba.it at Google now
If you have recievied this email take further action now by click these links