Apple “New Online Update Authentication Procedures” Phishing Scam Email

Email supposedly sent by Apple claims that the company is introducing new online update authentication procedures and you must therefore click a link to validate your account information so that the new security features can be launched.

Brief Analysis:
The email is not from Apple and you are not required to validate your account as claimed. It is a phishing scam that attempts to trick you into visiting a fraudulent website and supplying your Apple ID login details, your credit card numbers, and other sensitive personal information.

Subject: ✔ Support : Account need to update ✉

Failed VerificationDear customer, Regarding Your SafetyPlease note that starting from now we will introducing new online update
authentication procedures in order to safegaurd the information of our customers.

As part of these new procedures we will be implementing our two step
authentication feature which will prevent unauthorised access to your account

In order for us to launch these new features we require you to validate your
account information by clicking the link below

[Link removed]

Apple Failed Verification Phishing Scam

Detailed Analysis:
According to this Apple “security alert” email, which has the headline “Failed Verification”, the company is set to introduce new online update authentication procedures in order to safeguard customer information. It explains that a two step authentication feature will be implemented to help prevent unauthorised access to your account.

But, in order to launch these new features, claims the message, it is necessary for you to click a link to validate your account information.

At first glance, this may seem like a reasonable request. However, the email is not from Apple and the supposed account validation requirement is just a trick to get you to visit a scam website.

If you do click the link, you will be taken to a fraudulent website that has been built to emulate a genuine Apple login page. The fake page asks you to begin the validation process by inputting your Apple ID and password.

After “logging in” on the fake page, you will be taken to an equally fake “account update” form that asks for your name and contact details, your credit card numbers, and other personally identifying information. When you hit the “submit” button on the fake form, you may receive a final message stating that the validation process has been successfully completed.

At this point, the criminals can collect all of the information that you have submitted and use it to hijack your Apple account. They can also use your credit card to conduct fraudulent transactions.

The text of this scam message is apparently something of a template for scammers. Almost identically worded scam messages have claimed to have been sent by other institutions, including banks.

Apple customers are almost constantly targeted via such phishing scams. Be cautious of any message that claims that you must validate, verify, or update your account details. Other versions may falsely claim that an order or subscription you know nothing about has been made via your account and urge you to click a link to cancel.

The Apple website includes information about recognising and reporting phishing scam messages that may come your way.

Last updated: October 13, 2016
First published: October 13, 2016
By Brett M. Christensen
About Hoax-Slayer

“Apple Music Membership Invoice” Phishing Scam Email
Apple ‘Your Order Has Been Placed’ Phishing Scam
Apple ID ‘Security Notice’ Phishing Scam
Phishing & Other Suspicious Emails