Apple iCloud scam warning

Earlier today I got an email ostensibly from Apple, which told me that my iCloud ID was facing deletion because I had not ‘confirmed’ it. The email read:

You’ve not yet confirmed your iCloud ID [redacted] and it’s now pending removal from all associated services.

Apple Account: [redacted]

Customer ID: [a 7-figure number, redacted just in case it’s real]

To comply with mandatory EU regulation and to confirm your details, we need to fully certify your Apple ID. You can do this by visiting Apple Store with a valid form of ID or electronically as long as all the information you have provided is valid. To complete this online please proceed to login below.

http://icloudtechnical.org/myaccount/?email=[redacted]

We apologize for any inconveniences that may result from this process however we are required to confirm your details because of recent changes in ‘Know your Customer’ EU regulations.

Regards,

Apple Support

I actually clicked the link, and was about to enter my password, but clicked around some of the links (the website is made up to look like Apple’s own). Some of them led to the Apple website but others were dead links. I then did a WHOIS search on the domain and discovered that the IP address was French, and that the same IP address (176.67.168.179) also had two other domain names associated with it, one of them beginning “paypal-protects”. The fake iCloud domain is registered to a woman in Redenhall, Norfolk, England; the “paypal-protects” domain is registered to a woman in Weybridge, Surrey. I just contacted the woman in Norfolk and she recalls following a link in a similar email, but balked at entering her credit card details. Clearly, entering her Apple ID was useful enough for them.

I’m normally wise to scam emails, but they nearly got me with this one. They are looking for identities to steal and other people’s money to spend. If you get an email that looks like it’s from Apple, make sure the links are to Apple.com. (Twitter knows the website is a scam address, as it would not publish a tweet containing it.)

Possibly Related Posts:


Share