Submitted by Quick_Abbreviations4 t3_1137253 in iphone
Comments
Quick_Abbreviations4 OP t1_j8od16r wrote
Yeah, I thought that too. I clicked the link, but the link name was fishy itself so I immediately left and decided to post this. Thanks tho
Bootaymole t1_j8oq0cr wrote
Never click on the links if you’re suspicious about the email.
Quick_Abbreviations4 OP t1_j8ot6zx wrote
Thing is, I wasn't suspicious of the email. Since I'm not a native English speaker, the words just went past my brain and I read them the way they were supposed to be written. I was suspicious when I opened the link. While it was loading I glanced over the link and it just didn't seem right so I left the site before it even loaded
expertmysteryshopper t1_j8otkn9 wrote
If you know HTML coding, that web site has already gathered a lot of information about your device, since you clicked on the link.
Quick_Abbreviations4 OP t1_j8ou63j wrote
Well, fuck me I guess
alphinex t1_j8ow3es wrote
Ehem… with HTML only you can’t gather any information. And with JavaScript, you can’t get that much as well.
I would assume, as long as you are not giving any information by yourself, you are more or less safe on the web.
The only way to gather more information without letting the user know about it is using a vulnerable bug (one of those was getting fixed in iOS 16.3.1), but I don’t know how far you will even get with that.
Cool-Click1253 t1_j8pdlbr wrote
I’m a web developer and I can confirm this is 100% accurate, just don’t visit suspicious links anyways just so you’re extra safe in case they’re utilizing an unknown vulnerability
expertmysteryshopper t1_j8pvahp wrote
Well, there is XML. I used to be a web designer using Microsoft FrontPage.
alphinex t1_j8swepz wrote
XML can’t do anything more than HTML. What’s your point? There is literally no logic in HTML or XML.
Please just take the advice by u/Cool-Click1253 and me, seems like we are both web developers, maybe both with some decades of experience (but we can still be wrong). You can't gather sensitive information (or any other) via XML or HTML (based upon XML btw…). HTML is only a HyperText Markup Language, no programming language. It's only to describe the structure of the page which should get (mostly visibly) rendered.
But still, you are right that you shouldn't click the link in the first place, if it looks suspicious.
DarkNet-Magic t1_j8osvyf wrote
If you clicked on the link, change your Apple password immediately.
Phishing links like this (usually) simply just require you to click on them, then it immediately sends your credentials for the account they’re trying to access back to the scammer. A major red flag that is what is happening, is if you happen to click the link, and it opens up the application on your phone. That tells you that they just got your username and password for that account. However, just because you click the link and the application doesn’t open, doesn’t mean they still didn’t get your credentials.
Never, and I mean, never click on links that you don’t recognize, or have any doubt toward their legitimacy. Better safe than sorry by just not clicking the link to begin with.
Again, since you did click the link, I highly recommend changing the password for your Apple account immediately. Even if you clicked the link and immediately exited out, it doesn’t matter. If they were phishing for your information and just needed you to click the link to get it, then they got it as soon as you clicked.
I’ve worked Cyber Security for a very long time now, I see scams like these all of the time, have learned how to identify them pretty quickly, and figured out what they do and how they do it. Always be on the lookout, some of the emails I’ve seen look pretty damn legit, but there is always a way to point out a fraudulent email from a real one.
Quick_Abbreviations4 OP t1_j8otkzs wrote
I haven't changed it yet, I'll do it immediately. Will I suffer any consequences for waiting this long?
DarkNet-Magic t1_j8p30qe wrote
As long as you haven’t noticed any fraudulent activity within your Apple account, then you should be fine.
If you wanted to be extra cautious, you would also change the passwords of any other accounts that use the same password as your Apple account (if applicable), or at the very least, change the password of any accounts that use the same email address and password of your Apple account (if necessary).
Not all scammers are clever enough, or care enough, to tap into other accounts that use the same credentials, but it’s very common that they may try. They may also be phishing for the purpose of mass collecting credentials to sell on the darknet.
Again, that’s if you want to be extra cautious, but as long as you change your Apple password you should be alright.
elementaldelirium t1_j8ow3kd wrote
How does it get your password from just clicking?
DarkNet-Magic t1_j8p4rx9 wrote
It varies by how the programmer sets up the phishing link (there are also tons of templates scammers can grab online to make basic phishing links as well). But the way it works in most cases, is once you click on the phishing link, it then directs the code to open the application they are attempting to grab the credentials for. Once it opens the target application, it uses the credentials saved in the application (like when you open the application and it is automatically signed in), it then shoots those credentials (email and password) back to the scammer in a .txt file.
These guys literally get incredibly long lists of emails and passwords for the application they are targeting, go through and access those accounts so they can have access to your saved financial information, steal it, or use it to send themselves money.
Standard-Plan1506 t1_j8p4jh1 wrote
Sorry but that’s bs, clicking the link won’t give away anyone’s password. That’s why they’re trying to scam you into typing it yourself. You have to allow a website or an app to log in using your Google or apple login; and even if you do it’s encrypted anyway, no one’s gonna see it
DarkNet-Magic t1_j8p6wm7 wrote
Clicking a link absolutely will jeopardize your password. Albeit many phishing links aren’t that complex or intricate, but they are more common than you think.
I do pen-testing in my free time on the side, you would be amazed how often I come across those types of links. Apple accounts are more difficult to bypass, sure, but encryption isn’t an automatic guarantee of security, it just requires a little more complexity in the scripting.
Standard-Plan1506 t1_j8p98k2 wrote
No it won’t, stop making up these stories. You won’t get logged in anywhere unless you specifically confirm it by providing your password.
DarkNet-Magic t1_j8padjz wrote
I am not making anything up? Why would I have a reason to lie to a stranger on Reddit. If you haven’t come across those types of phishing links, that’s good for you, but to blatantly deny they exist is pure ignorance.
Standard-Plan1506 t1_j8pb59u wrote
I don’t know you tell me darknet pentester security engineer. Try me with your script, tell me my password
DarkNet-Magic t1_j8pbzp2 wrote
I never said I was a “security engineer”. I said I work in Cyber Security, which Pen-Testing falls under.
Better yet, I’m not wasting nearly two hours creating a phishing script to prove a point. Again, a stranger on the Internet doesn’t mean anything to me.
With that being said, I conclude my conversation with you.
Standard-Plan1506 t1_j8r7aa2 wrote
You're talking about session hijacking, mate, you need an exploit to make it work. The idea that you can create a phishing script in 2 hours to steal data from ios is ridiculous. And it's not going to produce a txt with login and pass, that's complete bs. You're familiar with 2FA, right?
MechanicalHorse t1_j8oi5hg wrote
No. The bad grammar should be the first indicator.
Aut6 t1_j8opvz1 wrote
That’s exactly what I was going to say.
ChipmunkBandit t1_j8p2i0f wrote
Amazes me that scammers who can write decent English just don’t seem to exist.
Wing_Anxious t1_j8oi2ts wrote
No. Official emails from Apple will address you by name. Also, the wording in this email is completely off.
SweetzDeetz t1_j8od7kf wrote
lol no
Moberholtzer86 t1_j8od6mo wrote
N and I can’t stress this enough O
Creyons t1_j8oi0c6 wrote
The grammar mistakes on the bottom of the button are enough to question the legitimacy
mustangs-and-macs t1_j8oiem1 wrote
“you have to completing Verification before 12 hours” made me laugh. Do they not have grammar check on whatever software they come up with the scam text on?
jthrilldr t1_j8olw8f wrote
That’s comically fake
pOmelchenko t1_j8okopp wrote
You can check the email address from which this email was sent. Maybe in the … menu you can find more information about this email
DarkNet-Magic t1_j8orfec wrote
The misspellings and incorrect grammar alone should tell you this is 100% a scam.
Another thing you can do though when you’re unsure, is tap on the sender’s name, and it will show you the email address of where it came from. If it is not from an official company domain, then it is a scam. In this case, it would have come from an “@apple.com” domain, but I can tell you for a fact that it didn’t.
CashApp scams are a big one to look out for. You’ll get an email with the sender name of “CashApp”, but when you tap on the name, the email will be an “@gmail.com” domain, which is obviously not official.
EcstaticSl0th t1_j8p80ys wrote
Now I see why people still fall for this shit
watercoffeebeerz t1_j8od11n wrote
No
babycatsXXXIII t1_j8on489 wrote
Apple emails don’t have the generic Google profile pic; the official profile picture is the company logo
NULL4546 t1_j8oo11u wrote
Whoever wrote this definitely dropped English as their second language in high school 🤦🏻‍♂️
Casual-Gamer25 t1_j8oo1ls wrote
Jeez scammers should really invest in grammarly the amount of grammatical errors is astonishing
Notyourfathersgeek t1_j8op0fk wrote
Some mail that wants you to do something before some time elapsed if you don’t want to die a horrible death is almost never ever ever ever legit.
_toto75 t1_j8opw4u wrote
Sure
endlesswaltz0225 t1_j8otbbu wrote
Anything that requires you to click a link is a scam.
NotAxorb t1_j8p71vt wrote
Nope, fake. The crappy grammar and the use of times new roman font at the bottom is a dead giveaway for me.
RedRose_Belmont t1_j8oxj9q wrote
Best way is to try to log in to your Apple ID from a secure connection that you initiate: do not click on that link.
Puzzled_Counter_1444 t1_j8oxska wrote
No. It's a pile of shit.
SolosSMP t1_j8pf840 wrote
That’s a phishing scam. Don’t click it. Report and delete it.
SaverPro t1_j8q7r4d wrote
Definitely a scam. Apple doesn’t force you to sign in right away. You can take as long as you want resetting your password, heck, they even say it might take a week for them to verify you.
MeMyselfAndMe_Again t1_j8qo155 wrote
If in doubt throw it out.
UnderstandingNo5785 t1_j8qtblm wrote
It never says locked it will say “Disabled”
justina081503 t1_j8rqefc wrote
Typically if you have to ask if it’s real it probably isn’t real.
zehcnassurfero t1_j8rze11 wrote
No, remove it
wonderfuljoey23 t1_j8sbe44 wrote
Apple would NEVER use that font on the bottom.
BigSadOof t1_j8sy513 wrote
Tim Apple wants to know your location
trobot47 t1_j8t2460 wrote
I’m sure this has been stated. The verbiage in this post is alllllll out of whack. Don’t touch that with a 10ft pole.
imomo t1_j8ul7yl wrote
Check the email address of the sender
OppositeArachnid5193 t1_j8yx23s wrote
Absolute bullshit… delete it..:
csch1992 t1_j8oegz2 wrote
Just check the email this is coming from.
BeenPlacesSeenStuff t1_j8okn6v wrote
Are you a scammer?? No, absolutely do not use the from email address as a verification. Google “email spoofing” please! Stop replying to stuff you don’t know shit about.
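An added example, not part of any comment in this thread: a sender check that covers both points raised above, the display name hiding a non-company address and a spoofed From address that looks correct. The sample messages are constructed, and the check assumes the `Authentication-Results` header was stamped by your own receiving mail server (one copied from an untrusted hop proves nothing).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, not the email discussed in the thread.
LOOKALIKE = """\
From: "Apple Support" <apple.id.verify@gmail.com>
To: user@example.com
Subject: Your Apple ID has been locked
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com; dmarc=pass header.from=gmail.com

Verify your account within 12 hours.
"""

SPOOFED = """\
From: "Apple" <no-reply@apple.com>
To: user@example.com
Subject: Your Apple ID has been locked
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-sender.example; dmarc=fail header.from=apple.com

Verify your account within 12 hours.
"""

def assess_sender(raw, expected_domain):
    """Return a list of findings; an empty list means no sender red flags."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # 1. The address behind the display name is not on the company domain.
    mismatch = domain != expected_domain and not domain.endswith("." + expected_domain)
    if mismatch:
        findings.append("from-domain-mismatch")
        # The display name borrows the brand while the address does not.
        if expected_domain.split(".")[0] in display.lower():
            findings.append("display-name-impersonation")
    # 2. The From domain looks right, but the receiving server could not
    #    authenticate it (DMARC ties SPF/DKIM results to the From domain).
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dmarc = re.search(r"\bdmarc=(\w+)", results)
    if not dmarc or dmarc.group(1) != "pass":
        findings.append("dmarc-not-pass")
    return findings

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED)):
        print(name, assess_sender(raw, "apple.com"))
```

The second sample passes the "tap the sender's name" check and is only caught by the authentication result, which is why the visible From address alone is not proof of origin.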
tj_ward t1_j8ocw83 wrote
No. Don’t click that link and don’t put your password in. To be safe, you can go directly to Apple’s site and change your password there. Looks phishy to me.