Last week we warned people to be aware of potential Christmas scams, especially those involving Apple's products, as the company has become exceptionally popular in the past few years.
While the scam I mentioned in our previous warning was laughably fake, a number of Apple customers have apparently found a new e-mail scam circulating that gives the appearance of being quite genuine. The e-mail is well formatted with proper grammar, and is styled with shading and official-looking links, addresses, and copyright marks. The message also claims to come from an official-looking e-mail address, "firstname.lastname@example.org."
Beyond the e-mail looking authentic, the links provided in it are for a fake server that also appears to be authentic. If you click the Apple Store link, the server you go to will ask you for an Apple ID and password, and then display a page that requests you update your personal information including your credit card.
According to Intego this scam is apparently quite widespread, and is intended to target people who have new Macs, iPhones, and other Apple products that might have been purchased this Christmas season.
The best way to avoid any scam like this is to absolutely never click a link in an e-mail message, even if you think the e-mail is legitimate. Instead, go to the company's Web site directly and use the resources there to update your account or access the features requested in the e-mail.
Beyond safe practices like this, you can also avoid scams by checking the address of the pages they link to. While in this case the e-mail message states that its link is for "http://store.apple.com," if you hover your mouse over the link you will see the true URL appear. You can also right-click the link and copy it to the clipboard, then go to the Finder and check the Clipboard contents from the "Edit" menu to see the link.
If you have clicked the link, the very first thing you should do is check the address. All official Web sites for companies, and especially those that hold account information, will have a valid URL and will not use a server IP address. In this case, the address for the server contains an IP address (a series of 12 numbers grouped in threes and separated by periods), followed by a folder containing an Apple-titled HTML document.
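The three checks described above (does the link text match the real target, is the host a bare IP address, and is the page served over https) can be applied to a copied link automatically. This is an added example, not code from the original post; the link pairs in it are constructed and the IP address and folder name are placeholders.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample modelled on the scam described above: the visible link text
# claims to be the Apple Store, while the real target is a bare IP address serving
# an "Apple"-titled HTML page over plain http. Both values are hypothetical.
SAMPLE_LINKS = [
    ("http://store.apple.com", "http://203.0.113.45/apple/index.html"),
    ("http://store.apple.com", "https://store.apple.com/"),
]


def link_warnings(display_text, href):
    """Return the warning signs for one e-mail link: the text names a different
    host than the target, the target host is a raw IP address, or no https."""
    warnings = []
    actual = urlparse(href)
    host = actual.hostname or ""

    # The visible text may be a bare domain or a full URL; normalise it to a URL
    # so urlparse can pull the host out of either form.
    shown_url = display_text if "://" in display_text else "http://" + display_text
    shown_host = urlparse(shown_url).hostname or ""
    if shown_host and shown_host != host:
        warnings.append("link text shows %s but target is %s" % (shown_host, host))

    # ip_address() accepts only IPv4/IPv6 literals and raises on a domain name.
    try:
        ipaddress.ip_address(host)
        warnings.append("target host is a raw IP address")
    except ValueError:
        pass

    if actual.scheme != "https":
        warnings.append("target is not served over https")
    return warnings


def scan_links(links):
    """Map each target URL to its list of warnings (empty list means clean)."""
    return {href: link_warnings(text, href) for text, href in links}


if __name__ == "__main__":
    for href, found in scan_links(SAMPLE_LINKS).items():
        print(href, "->", found or "no warnings")
```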
For reference, here is a comparison of the login page provided by the scammers (top), followed by the real login page that you will find if you visit any Apple store online (bottom). Note the fake URL in the page, the title that is not the same as the Apple store, and also note the page is not verified. In this case it does not use the "https" protocol and does not have a signed certificate, whereas the real Apple page does (see the green text in the address bar for the valid Apple page):
In addition to the login windows being different, the update forms are also different. In the scam, after you enter your login information (any random information will work), the site presents the following page. In a real Apple store, entering invalid login information results in an error. Additionally, the official Apple account page (bottom) has separate pages for entering account information and otherwise managing your account.