Adding to recent Mac malware scares, a phishing email claiming to be from the Apple Store has been spreading from inbox to inbox. The message—which is cleverly designed to mimic the look and feel of an official Apple mailing—clicks through to a fly by night software site which is almost certainly a phishing ploy. The accompanying landing page even attempts to emulate Apple’s virtual storefront to further con message recipients. Though the copy found in the message and its corresponding landing page are written in typical “Spamglish,” there are a few other red flags strewn throughout the email.
The first item to examine whenever a suspicious email arrives, is the sender’s address. Cunning spammers have developed schemes to deceive some users at first glance—for instance sending PayPal themed spam from a non-existent, but official sounding, address like accounts@paypal.us.com. In this case, the spammer is a little less savvy and their address shows as a random jumbling of letters followed by @live.com. Any official correspondence from Apple should always end with apple.com. Further telling is the landing page’s URL. The phony message links to an address other than store.apple.com—a dead giveaway. In an effort to further debunk the hoax, TUAW performed a WhoIs lookup on the URL exposing the domain is registered in St. Petersburg, Russia. Hmm, something seems phishy and I don’t think it’s caviar.
Often times, the best practice when an unsolicited or questionable email comes in is to reach for the ‘delete’ key. In almost all instances, these phony messages are not worth the time it takes to verify their authenticity. Chances are if you delete an important message by accident, it can be recovered or its information resent from the party in question. Once you information goes out to a phisher, though, you’re entirely at their mercy.