"Apple Confirmation Change Password" is a Phishing Scam

Comments: 2
Views: 1,062
Updated: May. 15, 2019 2019-05-15T09:30:07
Posted: May. 22, 2018 2018-05-22T12:35:47
Save
Online Threat Alerts (OTA)

The "Confirmation change password of your Apple" email message below which claims that the recipients' Apple ID has been locked is another attempt by cybercriminals to steal their potential victims’ Apple account credentials. The fake email has links in it that go to a phishing Apple website which steals account usernames and password. The phishing website steals account credentials by asking visitors to sign-in with their Apple account usernames and passwords. Now, any attempt to sign into the fake or phishing website will result in the visitors’ Apple account credentials being sent to the cybercriminals responsible for the scam. Once the cyber crooks have gotten possession of the stolen account credentials, they will use it to hijack their victims’ Apple accounts and use the same accounts fraudulently.

Apple Confirmation Change Password is a Phishing Scam

The "Apple Confirmation Change Password" Phishing Scam

From: Apple Support <4yQaytnQ-Apple-service-4yQaytnQ-mail-support-no-reply@statement-verify-id.com>

Date: May 21, 2018 at 3:24:48 AM PDT

Subject: Re: [ New Statement ] Confirmation change password of your Apple account in Google Chrome ( 20 May 2018 ).

Apple ID Suspicious Activity

Case ID : 13183021

Dear

Foг уοuг ѕаfеtу, уοuг Αррlе ID hаѕ bееn lοckеd bесаuѕе wе fοund ѕοmе ѕuѕрісіοuѕ асtіνіtу οn уοuг ассοunt. Ѕοmеοnе was trying ассеѕѕ уοuг ассοunt аnd mаkе ѕοmе сhаngе οn уοuг ассοunt іnfοгmаtіοn. This the details :

Country : Benin

IP Address : 70.23.71.52

Date and Time : 19:24, 21 May 2018

Browser : Opera

We apologize for locking your account because for security reasons.

If you do not perform this action or you believe an unauthorized person has accessed your account, you must login to your account as soon as possible to verify your information.

Vіеw Αссοunt Infοгmаtіοn

Regards.

Apple ID Support

Copyright © 2018 Apple Inc. All rights reserved.

Apple Support | Apple ID | Apple Service

Apple users should never click on a link in an email message to sign into their accounts. They should instead, go directly to https://appleid.apple.com/ and sign-in from there. If there is something wrong with their accounts, they will be alerted after signing in. Users who were tricked by the phishing scam, are asked to change their Apple account passwords immediately before their accounts are hijacked and used fraudulently. For those users who are unable to change their passwords, are asked to contact Apple Technical Support for help.

Check the comment section below for additional information, share what you know or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Click here help maintain Online Threat Alerts (OTA).

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Would you share this article with others? +

Yes (0)
No (0)

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

May 10, 2019 at 1:06 PM by an anonymous user from: Distrito de Lima, Lima region, Peru
I received a mail from this person whose name is support@apple.com but his email adress is <pinbox.nahanjayaingtau.ders-maills038@ne98fufwf.me>. The subject of the mail was: [NEWS REPORT ALERT] The confirmation password changed in your Google Chrome account. Thursday, May 02, 2019.
At first, when I looked at my inbox, I didn´t suspect that this mail would have malicious content because I read that the name of the sender was support@apple.com. The text content that appeared on the body of the mail didn't have more than this phrase:
Invoice number: 424842533550584 [Wed, May 02, 2019 PM]
At the top the body of the text, appeared the icon of a file called: Activity-Of-Account_ID20896014677536.dot. I was very naive at this point. That's why I downloaded the file...
Then, I checked the properties of the file. I looked for the custom tab, which refers these data:
Name: KSO ProductBuildVer
Type: Text
Value: 10-3310.2.0.7646
I haven't opened this file yet, but I wanna know if I made something wrong by simply downloading this file.
I would appreciate if you can help me providing me more information about this file and also by telling me what to do if I commited a huge mistake by downloading this file.
Thanks.
remove
- May 10, 2019 at 1:32 PM by info
  The .dot is a Microsoft Word Template file, but cybercriminals are embedding malicious code in these files and sending them as an email attachment to their potential victims.
  If recipients attempt to open the malicious attachment, they will be prompted to "Enable Macro", if they do, the malicious Macro code will execute and attempt to download malware on their computers.
  If you do not have Microsoft Office installed on your computer, then the embedded Macro code will not execute or work. The malicious code only works if Microsoft Office installed on the recipients' computer.
  Since you have attempted open the file, scan your entire computer with the antivirus software installed on it.
  remove

Show More Comments (1)

Show all Comments

Write Your Comment, Question, Answer, or Review

NB: We will use your IP address to display your approximate location to other users.

Enter comment, review or question.

Your post will be set as an anonymous because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Recommendations / Ads