Over the holiday weekend some Apple customers began receiving email messages claiming to be from Apple. The message informed customers that they needed to update their billing information or have their accounts shut down. The email included an apparent link to the Apple store, which took users to a sign-in page. Upon signing in with their Apple ID, customers were prompted to update their credit card information. Here is the email:
Now, that looks an awful lot like any other email you’d receive from Apple but there are a few clues that it’s fake (most phishing emails have these sorts of tells). The first and biggest is the link. Although it says “store.apple.com” in the body of the email, the link does not actually go to store.apple.com:
If you get an email from Apple or eBay or your bank that includes a link, the link will always include the actual name/official website of the company you’re visiting. If the link goes somewhere else entirely, it’s a fake. Case in point: store.apple.com. Of course, the best response to an email like this is to delete it, and manually navigate to Apple’s (or your bank’s, or whatever) website and log in to your account that way.
A couple other clues that the email is bogus: pretty much nobody threatens to shut down your account if you don’t update your billing information. You can have an Apple account with no billing information at all. They just won’t let you buy anything. Also, there are usually grammar tipoffs. For example, a legitimate email from Apple would probably not capitalize “Billing Information.” Finally, most direct emails will include either your personal name or your user name in the message greeting, as an indication that the message is legitimate. Thus, a legitimate email from Apple or any other site would say “Dear Bob,” or “Dear bobalicious75,” instead of a generic “Dear Customer.”
Long story short, don’t trust an email just because it looks legit. Read the text carefully for typos and weird grammar, and check the links. Better yet, ignore the email and log in to your account directly and see if there really is a problem.
[Source: The Mac Security Blog]