It’s no secret that online scams are on the rise. A record number of people fall victim every year. In fact, more than 16 million people were victims of some kind of identity theft in 2017.
I was almost scammed. Here’s my story, a real case scenario.
In the middle of the night, I woke up to use the bathroom, and before going back to bed I quickly checked my emails. I stumbled upon a suspicious email, supposedly from Apple, about a transaction from the App Store with a payment receipt document attached to it.
Besides iCloud, I don’t have other subscriptions from either Apple or any third-party apps. I used to subscribe to Apple Music, but I canceled it a few months ago.
In my mind, an unauthorized person might have access to my Apple ID. The email didn’t look quite right, but my fear of losing control of my Apple ID quickly wiped out that worry. I got scared and ultimately I opened the payment receipt.
To my grand surprise, here’s what I found.
Take a few seconds to scan through the document. Take a good look at this receipt. Does it look like a receipt from Apple itself? Does it seem legit to you?
From top to bottom, this receipt screams scam. You don’t have to be too savvy or an IT professional to identify a scam email.
To make it easier, here’s a real receipt from Apple. You can see the difference right off the bat.
But I almost fell prey to this scam because I believed my Apple ID was compromised and all I wanted was to regain control of my account and cancel that transaction.
Without thinking twice, I clicked on the link embedded in the body of the receipt that says: To Cancel Your purchase within 48 hours of receiving this Invoice, Go to Cancel and Manage Subscriptions.
And it took me to Apple’s official website, where I can manage my Apple ID.
As soon as I entered my Apple ID, it took me to another page with a warning saying: “This Apple ID has been locked”, with options to unlock the account. I really started to freak out at this point – seriously.
But I kept going. In my mind, it was just Apple helping me to unlock my hacked Apple ID. I wanted to regain access and lock the bad guys out as quickly as possible, knowing he/she could make purchases with my Apple ID, send e-mail messages or iMessages as me, access my iCloud data, etc.
That fear prevented me from making any rational decisions at the moment. I continued with my dangerous adventure and, without thinking again, pressed Unlock Account, which took me to another page, this time requesting all kinds of personal information.
Okay fine, Apple would need my personal information to verify my identity. So, no big deal.
The first red flag I finally recognized was the Social Security Number. It was at that particular moment I realized it was a scam. There’s no way on earth Apple would ask me for my SSN to verify my account. Now that I got my first red flag, I started getting more clues and little details that reassured me it was a scam, a poorly executed one. But man they almost got me.
These are the red flags that made me beyond suspicious:
The URL: manages-orderapp.dynv6.net. A URL from Apple’s official website would definitely not look like this. It doesn’t even include “apple” in it. Some scammers would throw the word “apple” somewhere in the URL to make it look legitimate.
When I clicked on the Apple logo in the middle, it took me to the same page. It should’ve taken me to Apple’s homepage, which was not the case.
Nothing happened when I clicked on the Menu and Shopping cart icons in the upper left and right corners, respectively. These were fake icons; I couldn’t even click on them.
If you take a closer look at the verification form, you’ll notice that “Social Security Number” is in all caps, which doesn’t follow the form’s format. To give you context, “Personal Information” is not in all caps. The text inside the box, which is shorter than the other boxes, is all lowercase, which again doesn’t follow the format.
Take a look at both pictures right above, specifically the email sender and the subject line. For Christ’s sake, what’s that email: [email protected]…? And, by the way, did you spot the grammatical error in “Thanks”, written as “Thank’s”?
The “To” field had two email addresses: Noreply and 1 more. When I clicked them, it was just one email address: [email protected], which happened to be none of my email addresses. But how on earth is that email sitting in my inbox? Weird! That’s a sign that the email didn’t actually come from Apple.
Here’s another error: “we`ve disable”, and that’s not even an apostrophe. That was a poorly written phishing email. English is definitely not his/her first language. He/she had only one job to do, to scam me. But here we are.
There are even more clues about that sloppy phishing email. These are from the supposed payment receipt. This email was full of bad grammar and spelling. I could go on and on; it would never end.
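The URL and “To” field checks from the red flags above can be automated. The following Python sketch is an added example, not part of the original post: the trusted-domain list, the sample message, its addresses and the second link are constructed for illustration, and only manages-orderapp.dynv6.net comes from the email described here. It matches hosts by domain suffix, so a hostname that merely contains “apple” does not pass.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed sender really uses for account pages.
TRUSTED = {"apple.com", "icloud.com"}

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def host_is_trusted(url, trusted=TRUSTED):
    """True only if the host IS a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw_message, my_address):
    """Return a list of red flags found in one message."""
    msg = message_from_string(raw_message)
    flags = []
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {a.lower() for _, a in getaddresses(headers)}
    if my_address.lower() not in recipients:
        flags.append("recipient not in To/Cc")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for url in parser.links:
        if not host_is_trusted(url):
            flags.append("untrusted link host: " + (urlsplit(url).hostname or url))
    return flags

# Constructed sample message (addresses and second link are invented).
SAMPLE = """\
From: "App Store" <billing@mailer.example>
To: noreply@mailer.example
Subject: Your receipt
Content-Type: text/html

<a href="http://manages-orderapp.dynv6.net/">Cancel and Manage Subscriptions</a>
<a href="https://apple.com.account-check.example/unlock">Unlock Account</a>
<a href="https://appleid.apple.com/">Apple ID</a>
"""
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "me@example.org")))
```

A missing recipient address is a warning sign rather than proof, since legitimate bulk mail is sometimes blind-copied; the link-host check is the stronger signal.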
What You Can Learn from My Mistake
Scammers have been trying to exploit Apple users to gain access to their accounts. My case is a typical example. I’d be in deep s**t if I had given away my personal information including my SSN. I’ve never felt so vulnerable or embarrassed about not realizing that I’d been fooled until it was nearly too late.
Here’s what to do when you receive a phishing email:
Phishing emails try to scare the s**t out of you with warnings about stolen information, or they send you a normal-looking email showing fraudulent activity on your account, like purchases, which was my case.
Whatever the case is, they’ll always offer help. Sometimes the help is as easy as a click, and that’s how you’ll become a victim.
Rule #1 – Stay calm. Don’t freak out, no matter what the email says. If you do, chances are you’ll make a mistake that you’ll regret forever.
Rule #2 – Don’t open attachments or click on links in emails. Open a new browser and go to the company’s website, sign in there. If something is really wrong you’ll know. They’ll notify you.
Rule #3 – Use common sense. But if you freak out there’s no way you’ll be able to analyze, use common sense and make rational decisions. That’s why rule #1 is critical. Always stay calm.
In my case, I wasn’t calm at all. I freaked out thinking someone had access to my Apple ID and started to click like crazy.
I was lucky enough that they were not after my Apple ID but rather my Social Security Number. As soon as I entered my Apple ID, I was told my account was locked, then they took me to another page requesting my personal info.
If you live in the U.S. and receive a phishing email about your Apple ID, file a report by forwarding it to the Federal Trade Commission (FTC). But due to the government shutdown, they’re not receiving any more reports at the moment. Once the government is funded, the site should be back working fine. Make sure to secure your Apple ID with two-factor authentication.
Have you ever been scammed? Were you in situations where you almost got scammed? Share your story with us.
If you found value in this article, please share and/or recommend it to your friends so they can benefit from it too.