I received an email tonight from a company called “App Sec-Team,” and I had no idea what it was until I looked a bit deeper. The only reason I even saw this email message is that it got past both the SPAM rules in Mac OS X Mail and Gmail’s SPAM filter. This is an interesting scam in that it appears to be from Apple, which it’s not, and it brings you to a form that looks exactly like an official Apple iCloud form, right down to the graphics and icons used. This is a FAKE site and you must NOT enter any personal information! I’ll break it down one piece at a time below:
Here’s what the original email looks like, including the scary header (“Account Verification”) that would trick a good portion of people into opening the email (since it skipped the SPAM rules!):
A somewhat-official email supposedly coming from Apple, but it’s coming from a phishing company!
The actual email says this in the body:
As part of our security policy, we’re moving to a new sign in process for our Apple accounts, called 2-Step Verification. 2-Step Verification adds an extra layer of security by requiring you to enter a verification code (similar to a PIN) after you enter your usual information. You will receive the verification code through your email address.
Why are we doing this?
2-Step Verification helps protect your account from unauthorized access due to a compromised password. Even if your password is cracked, guessed, or otherwise stolen, an attacker can’t sign in without a verification code, which only you can obtain via your own email address.
This is 100% fake and it is certainly not from Apple. Here’s a screenshot of who it’s actually from, which is “firstname.lastname@example.org”:
This is a completely fake entity, appearing to look like Apple
Going a bit further, if you happen to click on the “Verify your information, Get activation code from Here” link that they try to trick you into clicking, you end up here. This is pretty convincing to someone who isn’t used to things like this: a completely fake site that is masquerading as a real Apple website. Even I was thrown by it on a quick first look because of the official graphics and wording:
Lastly, let’s check the final nail in this coffin: the website that this fake iTunes Connect screen is hosted at. In real life it would have to be on the ‘apple.com’ domain; this site, however, resides on a web server called ‘www.greenbvc.com,’ which is clearly not Apple in any way. If you had entered the information the form asked for, you would now have a stolen credit card and most of your personal data in a database somewhere, probably offshore. But it gets even stranger if you dig deeper into the URL where this fake page is stored: “http://www.greenbvc.com/” brings you to this site, which actually seems legitimate:
Why does a fake Apple site point back to this site?
My gut feeling is this guy’s site was hacked and this fake Apple verification page was placed there without his knowledge. The bigger message here is the layers that these scam companies will go through to get your personal data. Stay vigilant, people. If you have any questions about this type of scamming, or phishing as it’s referred to, please contact Capital Mac Service before you fill out any forms or click on literally anything on the web.
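The host check described above, written out as an added example that is not part of the original post: it extracts the host a link really points to and accepts it only if that host is apple.com or one of its subdomains. The function names are hypothetical, and every sample link except www.greenbvc.com is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: apple.com is the only domain accepted as Apple.
TRUSTED_DOMAINS = ("apple.com",)


def link_host(url):
    """Return the lower-cased host a browser would connect to, or None."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return None
    # Drop a trailing dot so "www.apple.com." compares like "www.apple.com".
    return host.rstrip(".").lower() if host else None


def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """True only if host IS a trusted domain or a subdomain of one.

    A plain substring test is not enough: "apple.com" can appear in a
    subdomain label, in the path, or before an "@" without being the host.
    """
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_links(urls):
    """Map each URL to a (host, trusted) pair."""
    return {u: (link_host(u), is_trusted_host(link_host(u))) for u in urls}


# Sample links. Only www.greenbvc.com comes from the post; the example.net
# links are constructed to show where a substring test goes wrong.
SAMPLE_LINKS = [
    "http://www.greenbvc.com/",               # host of the fake form
    "https://www.apple.com/",                 # genuine Apple host
    "http://apple.com.example.net/verify",    # "apple.com" as a subdomain label
    "http://www.example.net/apple.com/login", # "apple.com" only in the path
    "http://apple.com@www.example.net/",      # "apple.com" before the "@"
]

if __name__ == "__main__":
    for url, (host, ok) in check_links(SAMPLE_LINKS).items():
        print(f"{'OK  ' if ok else 'FAKE'}  {host!s:<24} {url}")
```

A link that passes this check still says nothing about who sent the email; it only confirms where the form would send your data.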