No. Don’t click that link and don’t put your password in. To be safe, you can go directly to Apple’s site and change your password there. Looks phishy to me.

No

Yeah, I tought that too. I clicked the link, but the link name was fishy itself soo I immidietly left and decided to post this. Thanks tho

N and I can’t stress this enough O

lol no

just check from email this is comming from.

The grammar mistakes on the bottom of the button is enough to question the legitimacy

No. Official emails from Apple will address you by name. Also, the wording in this email is completely off.

No. The bad grammar should be the first indicator.

“you have to completing Verification before 12 hours” made me laugh. Do they not have grammar check on whatever software they come up with the scam text on?

Are you a scammer?? No, absolutely do not use the from email address as a verification. Google “email spoofing” please! Stop replying to stuff you don’t know shit about.

You can check email from which was sent this email. Maybe in … menu you can find more information about this email

That’s comically fake

Apple emails don’t have the Generic google profile pic the official profile picture is the company logo

Whoever wrote this definitely dropped English as their second language in high school 🤦🏻‍♂️

Jeez scammers should really invest in grammarly the amount of grammatical errors is astonishing

Some mail that wants you to do something before some time elapsed if you don’t want to die a horrible death is almost never ever ever ever legit.

That’s exactly what I was going to say.

Sure

Never click on the links if you’re suspicious about the email.

The misspellings and incorrect grammar alone should tell you this is 100% a scam.

Another thing you can do though when you’re unsure, is tap on the sender’s name, and it will show you the email address of where it came from. If it is not from an official company domain, then it is a scam. In this case, it would have come from an “@apple.com” domain, but I can tell you for a fact that it didn’t.

CashApp scams are a big one to look out for. You’ll get an email with the sender name of “CashApp”, but when you tap on the name, the email will be an “@gmail.com” domain, which is obviously not official.

If you clicked on the link, change your Apple password immediately.

Phishing links like this (usually) simply just require you to click on them, then it immediately sends your credentials for the account they’re trying to access back to the scammer. A major red flag that is what is happening, is if you happen to click the link, and it opens up the application on your phone. That tells you that they just got your username and password for that account. However, just because you click the link and the application doesn’t open, doesn’t mean they still didn’t get your credentials.

Never, and I mean, never click on links that you don’t recognize, or have any doubt toward their legitimacy. Better safe than sorry by just not clicking the link to begin with.

Again, since you did click the link, I highly recommend changing the password for your Apple account immediately. Even if you clicked the link and immediately exited out, it doesn’t matter. If they were phishing for your information and just needed you to click the link to get it, then they got it as soon as you clicked.

I’ve worked Cyber Security for a very long time now, I see scams like these all of the time, have learned how to identify them pretty quickly, and figured out what they do and how they do it. Always be on the lookout, some of the emails I’ve seen look pretty damn legit, but there is always a way to point out a fraudulent email from a real one.

Thing is, I wasn't suspicious of the email. Since I'm not a native English speaker, the words just went past my brain and I read them the way they were supposed to be written. I was suspicious when I opened the link. While it was loading I glanced over the link and it just didn't seem right so I lfet the site before it even loaded

Anything that requires you to click a link is a scam.

if you know html coding , that web site has already gather a lot of information about your device . since you click on the link.

I haven't changed it yet, I'll do it immidetly. Will I suffer any consequences for waiting this long?

[removed]

Well, fuck me I guess

Ehem… with HTML only you can’t gather any informations. And with JavaScript, you can’t get that much as well.

I would assume, as long as you are not giving any informations by yourself, you are more or less safe on the web.

The only way to gather more informations not letting the user know about it, is using a vulnerable bug (one of that was getting fixed in iOS 16.3.1), but I don’t know how far you will even get with that.

How does it get your password from just clicking?

Best way is to try to log in to your Apple ID from a secure connection that you initiate: do not click on that link.

No. It's a pile of shit.

Amazes me that scammers who can write decent English just don’t seem to exist.

As long as you haven’t noticed any fraudulent activity within your Apple account, then you should be fine.

If you wanted to be extra cautious, you would also change the passwords of any other accounts that use the same password as your Apple account (if applicable), or at the very least, change the password of any accounts that use the same email address and password of your Apple account (if necessary).

Not all scammers are clever enough, or care enough, to tap into other accounts that use the same credentials, but it’s very common that they may try. They may also be phishing for the purpose of mass collecting credentials to sell on the darknet.

Again, that’s if you want to be extra cautious, but as long as you change your Apple password you should be alright.

Sorry but that’s bs, clicking the link won’t give away anyone’s password. That’s why they’re trying to scam you into typing it yourself. You have to allow a website or an app to log in using your Google or apple login; and even if you do it’s encrypted anyway, no one’s gonna see it

It varies by how the programmer sets up the phishing link (there are also tons of templates scammers can grab online to make basic phishing links as well). But the way it works in most cases, is once you click on the phishing link, it then directs the code to open the application they are attempting to grab the credentials for. Once it opens the target application, it uses the credentials saved in the application (like when you open the application and it is automatically signed in), it then shoots those credentials (email and password) back to the scammer in a .txt file.

These guys literally get incredibly long lists of emails and passwords for the application they are targeting, go through and access those accounts so they can have access to your saved financial information, steal it, or use it to send themselves money.

Clicking a link absolutely will jeopardize your password. Albeit many phishing links aren’t that complex or intricate, but they are more common than you think.

I do pen-testing in my free time on the side, you would be amazed how often I come across those types of links. Apple accounts are more difficult to bypass, sure, but encryption isn’t an automatic guarantee of security, it just requires a little more complexity in the scripting.

Nope, fake. The crappy grammar and the use of times new roman font at the bottom is a dead giveaway for me.

Now I see why people still fall for this shit

No it won’t, stop making up these stories. You won’t get logged in anywhere unless you specifically confirm it by providing your password.

I am not making anything up? Why would I have a reason to lie to a stranger on Reddit. If you haven’t come across those types of phishing links, that’s good for you, but to blatantly deny they exist is pure ignorance.

I don’t know you tell me darknet pentester security engineer. Try me with your script, tell me my password

I never said I was a “security engineer”. I said I work in Cyber Security, which Pen-Testing falls under.

Better yet, I’m not wasting nearly two hours creating a phishing script to prove a point. Again, a stranger on the Internet doesn’t mean anything to me.

With that being said, I conclude my conversation with you.

I’m a web developer and I can confirm this is 100% accurate, just don’t visit suspicious links anyways just so you’re extra safe in case they’re utilizing an unknown vulnerability

That’s a phishing scam. Don’t click it. Report and delete it.

well there is XML , i used to be a web designer using microsoft front page

[deleted]

Definitely a scam. Apple doesn’t force you to sign in right away. You can take as long as you want resetting your password, heck, they even say it might take a week for them to verify you.

If in doubt throw it out.

[removed]

It never says locked it will say “Disabled”

You're talking about session hijacking, mate, you need an exploit to make it work. The idea that you can create a phishing script in 2 hours to steal data from ios is ridiculous. And it's not going to produce a txt with login and pass, that's complete bs. You're familiar with 2FA, right?

Typically if you have to ask if it’s real it probably isn’t real.

No, remove it

Apple would NEVER use that font on the bottom.

XML can’t do anything more than HTML. What’s your point? There is literally no logic in HTML or XML.

Please just take the advice by u/Cool-Click1253 and me, seems like we are both web developers, maybe both with some decades of experience (but we can still be wrong). You cant gather sensitive informations (or any other) via XML or HTML (based upon XML btw…). HTML is only a HyperTextMarkupLanguage, no programming language. its only to describe the structure of the page which should get (mostly visible) rendered.

But still, you are right, that you shouldnt click the link in the first place, if it looks suspicious.

Tim Apple wants to know your location

I’m sure this has been stated. The verbiage in this post is alllllll out of whack. Don’t touch that with a 10ft pole.

Check the email address of the sender

Absolute bullshit… delete it..: