Online accounts are becoming harder to hack, so hackers are using phishing emails to trick you into revealing login details. Here is a guide to spotting phishing messages on your iPhone.
Most email services provide some sort of spam detection, but even so, some junk messages still get through the filters and end up in our inboxes. Some junk emails are phishing attempts and you must be on your guard. The consequences of getting caught by phishing can be severe.
Hacking online accounts is hard and it requires a lot of technical skill, but anyone can write an email and send it to thousands or even millions of people. If that email can convince you to reveal the login details for an online account, such as Apple, Amazon, Google, Paypal , banking and so on, then there is no need to hack your account. The attacker can simply sign in with the details you provide them.
Once in your account, they can buys goods, empty it of your money and so on.
Phishing attempts are usually by email, but they could come via text messaging, WhatsApp, Facebook Messenger and other services. The same techniques can be used to spot the fake messages.
Spot Phishing emails
You need to beware of emails and treat with suspicion any that:
- Ask for details of online accounts
- Alert you to a problem, such as account suspension
- Ask you to sign in to accounts, like 'Click here to sign in', 'Confirm your login', and so on
- Do not address you by name
They are probably fake.
Here is an email that claims to be from Apple and it tells me of a problem with my account. It is a long message so I scrolled down a bit for the second screenshot.
Notice that it is addressed to Dear Customer and this is immediately suspicious because Apple knows my first name and last name and usually includes it in emails. Phishing emails are sent out in their thousands or millions and almost never include your name.
The From looks strange too. From: Apple Statement? I can’t remember seeing that before, which makes it looks suspicious.
Then there is the request to Confirm Your Account. Phishing emails almost always tell you to click a button or a link to sign in or confirm your details, so this looks suspicious. Never tap links in emails on your phone. In phishing emails like this they usually go to a fake website that records your login details. Hand them over and you will lose your account, and possibly your money too.
How to check your account
This is an email phishing for for Apple login details, but it could just as easily be for some other online account, store, banking and so on. In this case the email says there is a problem with my Apple ID, so Safari is opened and I went to the appleid.apple.com website.
After logging in and checking each of the sections, no problems could be found, no messages, no errors, nothing. If there was a problem then it would be clear, so the email was obviously a phishing attempt. (Which I knew already.)
If the email is about PayPal then log in to PayPal through the app or the website in Safari. Do not click the link in the email. Similarly if the email is about Amazon, then log in to the Amazon site with Safari. If it’s banking, then log in to the website or use your banking app to log in. Do not tap the link in the email.
Always use Safari or an app to log in to services and don't tap links or buttons in emails.
Because this phishing email was about my Apple ID I could just as easily used Settings to check my iTunes store account, iCloud account, and other Apple services, all of which use the same Apple ID.
Ways to avoid phishing
- Be suspicious of any email or text message reporting a problem with an online account or service
- Do not press links in emails or text messages
- Log in to the website using Safari
- Log in to the service using the app
- Get another email address and keep it secret
I knew the email was fake even before reading it because I have several email addresses and the account with the email was not the one I use with my Apple ID. You can have as many email addresses as you want and it is useful to get a new address and use it only with your online bank, Apple, PayPal or other service.
Don’t tell anyone else about the email address. This means phishing emails that arrive in your old public email account are easily spotted if you have a secret email known only by a select few.
- Written by Roland Waddilove
- Published: 06 September 2017