Wednesday, June 21, 2017

Phishing Email Apple Two-Factor Authentication Enabled, Service

For the record, here's a recent phishing email from "Apple" with the subject "[SUPPORT] : Two-factor authentication enabled, service [249]" that is circulating and was not caught by junk or spam filters.

What to do?

Report them, and label them as phishing email, not spam, in your online email system (see below).


Report them? 

Report Phishing URLs at Google Plex now as well;


Here's the view of the email in your online mail client





Dear Customer,

Thank you for enabling two-factor authentication for your Apple ID (youremailaddress@gmail.com).

Two-factor authentication is an additional layer of security designed to prevent unauthorised access to your account and protect the photos, documents and other data you store with Apple.

From now on, whenever you sign in with your Apple ID on a new device or browser, you will verify your identity by entering your password plus a six-digit verification code sent to your other devices or a trusted phone number. To learn more, read the FAQ.

Additional security information

If you did not enable two-factor authentication and believe an unauthorised user has accessed your account, you can use the link below to return to your previous security settings

Turn off Two-Factor Authentication


SPAM URL "Turn off Two-Factor Authentication" points to http://x.co/6lsUV


This link and your Apple ID security questions will expire on 4 January 2017. After this date, the only way to turn off two-factor authentication will be to sign in to your Apple ID account page with your password and a six-digit verification code.

Sincerely,

Apple Support

Copyright © 2017 Apple Inc. All right reserved.



Here's what http://x.co/6lsUV points to: a very convincing cover page designed to get your info.
























How to tell this is a phishing email?

  1. Check the sender's email address: support@appleid.com [supports@puncakcikree-22.com]. The address in brackets is not at an Apple domain.
  2. Convert the email view from HTML to text and check for bad URLs.
  3. Hover over every link in the email; if the destination is not the same as the link text, forget it.
  4. The best way is to look at the message source, see below.


How to examine the email message source?


Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
And look for phony links.
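
The same checks run over a message source, as an added example that is not part of the original post: it compares the From display name with the real address and lists links whose host is outside the expected domains. The sample message is constructed from the email shown above (assuming the bracketed address in step 1 is the real sender), and `examine`, `LinkCollector`, `in_domains` and the `expected` domain list are names assumed for this example.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message source modelled on the email above; the FAQ href is made up.
RAW = """\
From: "support@appleid.com" <supports@puncakcikree-22.com>
Subject: [SUPPORT] : Two-factor authentication enabled, service [249]
Content-Type: text/html; charset="utf-8"

<p>To learn more, read the <a href="https://support.apple.com/">FAQ</a>.</p>
<p><a href="http://x.co/6lsUV">Turn off Two-Factor Authentication</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def examine(raw, expected=("apple.com",)):
    """Return (kind, value) findings; `expected` is the brand's domains (assumed)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    findings = []
    # A display name that is itself an email address, but not the real one.
    if "@" in sender.display_name and sender.display_name.lower() != sender.addr_spec.lower():
        findings.append(("display-name-mismatch", sender.addr_spec))
    if not in_domains(sender.domain.lower(), expected):
        findings.append(("unexpected-sender-domain", sender.domain))
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for _text, href in collector.links:
        if not in_domains((urlparse(href).hostname or "").lower(), expected):
            findings.append(("unexpected-link", href))
    return findings
```

To check a real message, save the text from "View Message Source" or "Show original" to a file and pass its contents to `examine`.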


Report Phishing Email (not as Spam)


  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 


Report phishing at Microsoft and government agencies


  1. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
