Phishing Example: iTunes Access Disabled

February 21, 2016

What makes this a phishing message?

  • The sender address is highly suspicious: it is meant to appear to be from Apple Support, but it is not.
  • "Dear User" is an inappropriate salutation; the signature from "Inc.Apple" is also a poor attempt to fool the recipient.
  • The "Click here" link leads to a malicious website.


Original Message:

Subject: Your access has been disabled
From: "App.Support" <no_reply@appsupport.com>
Date: 2/21/2016 4:33 PM
To: <address removed>@berkeley.edu



Dear User

Your Itunes-ID has been disabled .
You've place your account under the risk of termination by not keeping the correct informations .
Please verify your account as soon as possible.
Ready to check ?
Click here to get back your account.


Sincerely,
Inc.AppIe


Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up tooltip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu. Be sure to include the entire text of the message, including the email header.
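
The sender and salutation indicators listed above can be checked mechanically. The following is an added example, not part of the original page: it parses an abridged copy of the message and also flags the signature as it is spelled in that copy (a capital "I" standing in for a lowercase "l"). The brand terms, the brand domain list, the greeting pattern and the indicator names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the message shown on this page (To: header omitted).
SAMPLE = '''Subject: Your access has been disabled
From: "App.Support" <no_reply@appsupport.com>
Date: 2/21/2016 4:33 PM

Dear User

Your Itunes-ID has been disabled .
Click here to get back your account.

Sincerely,
Inc.AppIe
'''

BRAND_TERMS = ("apple", "itunes")  # assumption: brand words worth tracking
BRAND_DOMAINS = ("apple.com",)     # assumption: domains the brand sends from
GENERIC_GREETING = re.compile(r"^dear\s+(user|customer|member)\b", re.I | re.M)

def fold(word):
    """Fold capital I to l, then lower-case, so 'AppIe' reads as 'apple'."""
    return word.replace("I", "l").lower()

def phishing_indicators(raw):
    """Return the indicator names that fire for one raw RFC 822 style message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    words = re.findall(r"[A-Za-z]+", f"{msg.get('Subject', '')} {display} {body}")
    # A word names the brand either as written or once look-alike letters are folded.
    claims_brand = any(t in w.lower() or t in fold(w) for w in words for t in BRAND_TERMS)
    from_brand = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    findings = []
    if claims_brand and not from_brand:
        findings.append("sender-domain-mismatch")
    if GENERIC_GREETING.search(body):
        findings.append("generic-salutation")
    # Brand term appears only after folding: the spelling is a look-alike.
    if any(t in fold(w) and t not in w.lower() for w in words for t in BRAND_TERMS):
        findings.append("lookalike-brand-spelling")
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

These checks are heuristics for triage; a message that passes all three can still be phishing and should be reported the same way.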