Online Threat Alerts (OTA) - Alerting you to scams and frauds.
Scamming - Fraud
The "Confirmation change password of your Apple" email message below which claims that the recipients' Apple ID has been locked is another attempt by cybercriminals to steal their potential victims’ Apple account credentials. The fake email has links in it that go to a phishing Apple website which steals account usernames and password. The phishing website steals account credentials by asking visitors to sign-in with their Apple account usernames and passwords. Now, any attempt to sign into the fake or phishing website will result in the visitors’ Apple account credentials being sent to the cybercriminals responsible for the scam. Once the cyber crooks have gotten possession of the stolen account credentials, they will use it to hijack their victims’ Apple accounts and use the same accounts fraudulently.
From: Apple Support <4yQaytnQ-Apple-service-4yQaytnQ-mail-support-no-reply@statement-verify-id.com>Date: May 21, 2018 at 3:24:48 AM PDTSubject: Re: [ New Statement ] Confirmation change password of your Apple account in Google Chrome ( 20 May 2018 ).Apple ID Suspicious ActivityCase ID : 13183021DearFoг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ bееn lοckеd bесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе was trying ассеѕѕ уοuг ассοunt аnd mаkе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :Country : BeninIP Address : 70.23.71.52Date and Time : 19:24, 21 May 2018Browser : OperaWe apologize for locking your account because for security reasons.If you do not perform this action or you believe an unauthorized person has accessed your account, you must login to your account as soon as possible to verify your information.Vіеw Αссοunt InfοгmаtіοnRegards.Apple ID SupportCopyright © 2018 Apple Inc. All rights reserved.Apple Support | Apple ID | Apple Service
From: Apple Support <4yQaytnQ-Apple-service-4yQaytnQ-mail-support-no-reply@statement-verify-id.com>
Date: May 21, 2018 at 3:24:48 AM PDT
Subject: Re: [ New Statement ] Confirmation change password of your Apple account in Google Chrome ( 20 May 2018 ).
Apple ID Suspicious Activity
Case ID : 13183021
Dear
Foг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ bееn lοckеd bесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе was trying ассеѕѕ уοuг ассοunt аnd mаkе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :
Country : Benin
IP Address : 70.23.71.52
Date and Time : 19:24, 21 May 2018
Browser : Opera
We apologize for locking your account because for security reasons.
If you do not perform this action or you believe an unauthorized person has accessed your account, you must login to your account as soon as possible to verify your information.
Vіеw Αссοunt Infοгmаtіοn
Regards.
Apple ID Support
Copyright © 2018 Apple Inc. All rights reserved.
Apple Support | Apple ID | Apple Service
Apple users should never click on a link in an email message to sign into their accounts. They should instead, go directly to https://appleid.apple.com/ and sign-in from there. If there is something wrong with their accounts, they will be alerted after signing in. Users who were tricked by the phishing scam, are asked to change their Apple account passwords immediately before their accounts are hijacked and used fraudulently. For those users who are unable to change their passwords, are asked to contact Apple Technical Support for help.
2
I received a mail from this person whose name is support@apple.com but his email adress is . The subject of the mail was: [NEWS REPORT ALERT] The confirmation password changed in your Google Chrome account. Thursday, May 02, 2019.At first, when I looked at my inbox, I didn´t suspect that this mail would have malicious content because I read that the name of the sender was support@apple.com. The text content that appeared on the body of the mail didn't have more than this phrase:Invoice number: 424842533550584 [Wed, May 02, 2019 PM]At the top the body of the text, appeared the icon of a file called: Activity-Of-Account_ID20896014677536.dot. I was very naive at this point. That's why I downloaded the file... Then, I checked the properties of the file. I looked for the custom tab, which refers these data:Name: KSO ProductBuildVerType: TextValue: 10-3310.2.0.7646I haven't opened this file yet, but I wanna know if I made something wrong by simply downloading this file.I would appreciate if you can help me providing me more information about this file and also by telling me what to do if I commited a huge mistake by downloading this file.Thanks.
The .dot is a Microsoft Word Template file, but cybercriminals are embedding malicious code in these files and sending them as an email attachment to their potential victims.If recipients attempt to open the malicious attachment, they will be prompted to "Enable Macro", if they do, the malicious Macro code will execute and attempt to download malware on their computers.If you do not have Microsoft Office installed on your computer, then the embedded Macro code will not execute or work. The malicious code only works if Microsoft Office installed on the recipients' computer.Since you have attempted open the file, scan your entire computer with the antivirus software installed on it.
