Thursday, December 18, 2014

Phishing Email - Your Apple ID information has been updated.

Phishing Email Subject -  Your Apple ID information has been updated.

If you receive this crafty email similar to below, then it beware it's probably a phishing email attempt that is recently going around. What to do?  Report them, goto bottom of page.

Action > Report the Phishing URL to Google now, click this link

Subject : Your Apple ID information has been updated.

The following changes to your Apple ID were made on Thursday December 18 at 15:11:37 (GMT):
Credit card
If you need additional help, contact Apple Support.
Apple Support

How to tell this is a Phishing email ?

  1. Is email is from you to you, then it's phishing.
  2. Hover over all links in email, if it's not from the site then forget it.

    In above example, all the links and source images seem to be from Apple website except the link.

    You can test this
    in the above example, since I crafted that from source HTML of the phishing email. Try it, hover over links to examine the source URL. Note: I have re-coded to report as phishing site to Google.

    In the original phishing email, hovering over pointed to spam site The correct link when you hover over should be
    Reading email in Outlook generated pop-up "Click to follow link"

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1.>Actions->View Message Source. 
  2.>More (down arrow to top right)->Show original.

For this phony email, well look at the top 25 lines of the message, known formally as the "message header".

Invalid return-path:

line 23 you have Return-Path:
and is suspect because domain was registered in Italy (
.it) and nothing to do with Apple. is being investigate for a Paypal phishing and has reported links to Italian Mafia.

These are valid return-paths for Apple 

  • Return-Path: 
  • Return-Path: 

Why look at "Return-Path"? When the e-mail is put in the recipient's mailbox, a new mail header is created with the name "Return-Path:" containing the address on the MAIL FROM command. So it's a quick hit to determine authenticity.

Report Phishing Email (not as Spam)

  1.>Junk (at Top)->Phishing Scam
  2.>More (downarrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links


Report phishing at Microsoft and government agencies


Report phishing emails to Apple 

Forward the email to This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.


  1. Can u help me about this? I m in trouble please help

    1. My first reaction is, I think Apple can help you -
      and there it says; "To report spam or other suspicious emails that you have received in your, or inbox, please send them to"