Email claiming to be from Apple advises that the recipient’s Apple account has been frozen and will remain frozen until the recipient opens an attached file and validates account information.
The email is not from Apple. It is a criminal ruse designed to phish Apple account details and financial information from unsuspecting users.
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.
The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.
This will help protect you in the future. The process does not take more than 3 minutes.
To proceed to confirm your account information please follow the instructions that will be required.
Please downloaded the attachment and open it in your browser.
According to this email, which purports to be from Apple, the user’s Apple account has been frozen temporarily in order to protect it. The message warns that, unless the user opens an attached file to validate account information, the account will remain frozen.
However, the user’s account has not been frozen. In fact, it’s not even cold. In reality, the email is the work of criminals intent on robbing the user of his or her personal and financial data.
If our hapless user gets taken in by the trick and opens the attached file as instructed, a bogus Apple account login page will appear in his or her browser. Once “logged in” via the bogus page, the user will be taken to a second bogus form that asks for identifying information and credit card details.
After clicking “verify” on the second fake form, the user will be transported to the genuine Apple website and may remain blissfully unaware – at least for a little while – that his or her information is now in the hands of fraudsters.
Armed with the stolen data, the criminals can commit credit card fraud and identity theft. They can also hijack the user’s real Apple account and use it for their own nefarious purposes.
Apple, or other legitimate companies, will never ask customers to provide personal and financial information via an unsecure HTML form contained in an email attachment. Scammers are more often using fake forms sent via email attachments rather than links to bogus websites in an apparent attempt to bypass browser phishing warnings.
It is always best to access your online accounts by entering the account address into your browser’s address bar rather than by clicking a link. And NEVER enter usernames, passwords, or other sensitive data via a form contained in an attached file.