A fake survey claiming to be from Apple is making the rounds this morning. It’s pretty much your basic phishing email. It offers the recipient the chance to take a survey in exchange for $115 Apple Store gift card. Of course, if you know what to look for, the email is full of red flags.
First off, there are numerous grammatical errors in the body of the email itself. That’s always your first clue that an email like this is a fraud. Apple makes gazillions of dollars. They can afford to have people proofread the emails they send out. If you get an email from Apple – or any other major company for that matter – that reads like it was written by a sixth grade dropout, you can be sure it’s phony. Interestingly, though, email scammers don’t include grammatical errors because they’re idiots. They include them because the kind of person who catches grammatical errors is less likely to fall for an email scam. It’s a way of homing in on the easy marks. Here’s the text of the email:
Of course, if the poor grammar (“your loyalty for our products,” “eligible for buying“) doesn’t tip you off, the “opportunity” they offer should. They don’t say they’ll give you a $115 Apple Store gift card for participating (Apple gift cards don’t come in $115 increments, by the way), they say they’ll give you the chance to buy one for $10. Not only that, they offer to mail you the gift card four days after you pay for it. Right.
If you open the survey that’s attached to the email, here’s what you see. It’s a decent but unconvincing attempt at looking like an official Apple page, but the fact that it’s attached as an HTML file you have to download (rather than a link to a site with an Apple domain), is a major red flag:
Finally, at the bottom of the survey you’ll find the section where you enter your billing information. If you’ve ever paid for anything online, you probably have a pretty good idea of what is required to complete a transaction. In this case, you may notice that there are a couple extra fields:
Yep, not only do they want your standard information – name, address, ZIP, credit card number, expiration date, and security code. They also ask for your PIN, your card’s issuing bank, and, most alarmingly, your Social Security number and birthdate. In case you’re unclear on this point, there is no reason for any online retailer to ever ask for your Social Security number. Ever. At all.
That, of course, reveals the whole point of this email: this isn’t just a way to scam $10 out of people who think they’re getting a good deal on an Apple gift card. No, it’s a way to get enough information to commit identity theft.
Of course, Apple is all too familiar with this sort of scam. Last month they published an updated support page to help customers distinguish legitimate Apple emails from fake ones. This email fails several of the tests they list to identify real Apple emails: it includes an attachment, it asks for your Social Security Number, your full credit card number, and your credit card’s CCV code.
Unfortunately, scams like this are all too common. While there are all sorts of ways to identify scams, the best thing to do is to keep your wits about you and remember that if an offer – like $10 for a $115 gift card – seems to good to be true, it’s probably fake.