We often come across news items online about people who say their social media accounts (or some other online account) were hacked. Well, believe it or not, there are bad people out there who are trolling for your account info for certain nefarious (yes… that’s a real word and not a pun on a character from Despicable Me) reasons. They easily get such information from you with a scam email designed to make you panic and share sensitive info.
I wrote this article to help you look out for one of the ways hackers try to get our personal info. I received such an email just a couple of hours before writing this and it was supposedly from Apple. It claimed my Apple ID was used to sign in to iCloud on an iPad mini named “iPad” in the Netherlands. I’m in Nigeria. The email also provided a link I could follow to indicate I wasn’t the one who had signed in on “iPad”.
Now I found this email weird because while I do have an Apple ID with the email address that was stated, I hardly ever use said Apple ID. However, I was worried that the possible thief would attempt to buy music using my account or something like that. Keeping this in mind, I clicked on the link and was directed to a website with a sign in portal.
I entered my Apple ID and password and was redirected to a page on which I could enter personal info like my name, address, date of birth. And after this form was another form that requested I enter debit card details (card number, security code, expiry date). At this point, I knew this was all a fake.
In case you haven’t quite caught on, the forms were being used to get information from me. The first login form was to get my Apple ID and password, which they could use either to log into my Apple account or to get a good idea of the password to my email account. The next form was to collect more personal info to base more password guesses on (a lot of people use their birthdays as a password or PIN). The last form was obviously to get debit card details.
How to identify such scam emails
Here is a quick list of red flags to look out for with such scam emails.
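- Take a look at the email address the email was sent from. It must end with the web address of the company that sent it. In this case, that would be apple.com. The email should be from an address ending in @apple.com and not from, say, a Gmail or Yahoo Mail address. A matching address alone is not proof, though, because sender addresses can be forged, so keep the other checks in mind as well.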
- You might get carried away and forget to check the source email. Check the web address after following the link. In my case, I checked whether it was apple.com (or a subdomain). It was not. Instead, it was verif-applid-cloud.ga. Best practice is to never follow such links though. Just go directly to the website and sign in.
- You might miss the first two red flags in your panic. Remember that NO ONE will ask you for banking details just because your account was used by a stranger. They will only require that you change your password. Not even your bank will ask for such information online.
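The first two red flags can be checked mechanically, which also shows why a quick glance is not enough. The Python sketch below is an added example, not part of the original article; the function names and all sample addresses and links are constructed for illustration, except verif-applid-cloud.ga, which is the domain from the email described above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def is_domain_or_subdomain(host, expected):
    """True only for `expected` itself or a name ending in '.' + expected."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    expected = expected.lower()
    # The leading dot matters: without it "notapple.com" would pass.
    return host == expected or host.endswith("." + expected)

def link_matches(url, expected="apple.com"):
    """Red flag 2: compare the host the browser would really contact."""
    try:
        host = urlsplit(url.strip()).hostname  # ignores any user@ part and port
    except ValueError:
        return False  # malformed URL: treat as not matching
    return is_domain_or_subdomain(host, expected)

def sender_matches(from_header, expected="apple.com"):
    """Red flag 1: judge the real address, not the display name.
    A match is not proof of origin, because a From header can be forged."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return False
    domain = address.rpartition("@")[2]
    return is_domain_or_subdomain(domain, expected)

# Constructed samples (only verif-applid-cloud.ga comes from the article).
LINKS = [
    "https://support.apple.com/",              # real subdomain: matches
    "http://verif-applid-cloud.ga/",           # the scam link: no match
    "https://apple.com.verify.example/login",  # apple.com used as a prefix
    "https://apple.com@login.example/",        # apple.com is only a username
    "https://notapple.com/",                   # lookalike without the dot
]
SENDERS = [
    "Apple <noreply@apple.com>",
    '"support@apple.com" <alerts@mail.example>',  # address hidden in the name
]

if __name__ == "__main__":
    for url in LINKS:
        print(f"{'ok ' if link_matches(url) else 'BAD'}  {url}")
    for sender in SENDERS:
        print(f"{'ok ' if sender_matches(sender) else 'BAD'}  {sender}")
```

Only the first link and the first sender pass; every other sample contains the text "apple.com" somewhere but does not actually belong to that domain.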
If you fall victim or get to red flag 3, it’s a good idea to change the password of your account(s). You must remember to look out for these in every email with a link in it. About 2 or 3 years ago, I got a scam email from my “bank” as well. The link in the email also took me to a well-faked website of my bank. So beware! They are really out there for you.
The best way to avoid such scams is to type the web address of the company yourself. So go to apple.com directly and log in rather than following the link in the email.