I got a message that a purchase had been made at the App Store. If I hadn’t made this purchase, click this link and report it.
Sadly I did click the link and they asked for my Apple ID and other identification. I got suspicious when they asked for my social security number and clicked out of that link.
I called Apple and they confirmed that I had been phished. I’ve spent the last hour changing my passwords on my bank accounts, of course Apple ID, 401k, PayPal, Venmo and any others I can think of.
I’m usually very very careful. I think I caught it right away.
Thought I would warn anyone else who apparently wasn’t being sharp today.
I get those all the time. If I didn’t make a purchase…I send it to spam. You know you can check the email address of the sender…and really it’s never Apple.
@thumper1 yep! Usually more vigilant than today. I checked the email address but after I clicked the link unfortunately. Apple had me forward them the email and yup. Phishing!
Our legitimate notifications come via a phone call. Personal information is never requested, just asked whether or not a particular charge was authorized.
I just got an email telling me an old password I used to use and that malware had been installed on my computer which logged porn sites I had gone to and had activated the camera on my computer to video me masturbating to porn. The email threatened that if I didn’t send them $1500 in bit coin, the video would be distributed to my contact list. I don’t go to pornography sites and don’t have a camera in my computer. Nice scam. Can you imagine there are actually people who fall for this!
So sorry @deb922 . Sometimes you have to really study an email to figure out the “source”. My H asked me to check an email today from a store cause mail from them usually comes to his inbox but this one was in spam. I looked and yep, the email address sending it was NOT the store email. I told him in ever in doubt for a store email like that to just ignore it - he’s so take a chance to save $5 - I told him the chance is not worth it!
It is very common to fall for those, so don’t beat yourself up. Our IT department does test phishing to train us to NOT fall for things, and one of them a couple of years ago caught our whole legal department - and we completely know better. It was an E-card thing and we were all so flattered that we opened the link!
@MichaelNKat I have a male friend who DID sweat bullets over the porn/password scam. Apparently, he wasn’t completely innocent. I googled the scam for him and he was very reassured.
Nobel prize winning Economist and NYT writer Paul Krugman tweeted to almost 5 million people that his IP address has been used to download child pornography and his
employer “was on the case.” So even Nobel laureates fall for this.
Interestingly, I just got a legitimate notice Friday from Discover that someone had used my card number at an Apple app store, and it was suspicious. They were totally on top of it, wiped out the charge, and I got my new card in 24 hours. So this one was not a scam, but same product. Which is odd.
@MichaelNKat , I had that exact same one! I did email all my contacts to tell them not to open any links in any email from my address. I didn’t pay any Bitcoins either, lol.
My server identifies the incoming email address and I can always see if that email from amazon came from somewhere like Hong Kong.
And then there are people like Brit Hume, who should know better before they post a screenshot of their computer (about election prediction / “betting odds”) with visible open tabs on top of the screen, one of which was “sexy vixen vinyl”. Oops.
DH got the email about being videoed while masturbating to porn. He thought it was hysterical.
So much spam, but it really isn’t that hard to figure it out. I do two things:
Have my cursor hover over the alleged email address in the list of emails I have. If it’s fake, you’ll see something weird.
If a source that seems to be kosher is telling me to click on a link in the email, I’ll just enter (not copy) the link into another window. If it’s real, it will take me to the company’s correct web page and I’ll see whatever the email is telling me to see. If it’s fake, I’ll see the company’s correct web page but not the information the email is telling me about.
Barbara Corcoran (Shark Tank, previously owned big deal Corcoran Realty) got scammed out of a few hundred $k. That was an admin’s error but kudos to your company, @MomofWildChild, for trying to be vigilant.
I get these emails all the time. I also don’t visit such sites and don’t have a camera on my computer, so I have never fallen for it. It is a little disturbing that they know that old password. Also, they point out that they are sending the email from my own email address (which it does appear that they are doing) which is also weird.
The closest we’ve come was when my husband got an email from the code enforcement officer in a small town in Maine. Husband had asked him some questions and the guy sent us a bill. The bill was at the top of the chain of emails previously sent below, so it looked legitimate. Husband was incensed - code enforcement officers aren’t supposed to send bills! I said, “Wait a minute - let me see that.” Sure enough, the sending email address was fishy. We called the town and they said someone had hacked into their email system. They thought they had fixed the hack, but obviously they hadn’t! That really spooked me - that someone could get hold of a town’s emails like that and then contact the recipients! I wonder how many people sent the guy money!
