A particularly rotten phish

Phishing - the act of sending out emails that look like they’re from some service you use but are actually trying to make you give up your user names, passwords, and even credit card info - has reached a new low. This morning I received an email from the “App Store” thanking me for signing up for the Apple Music trial and telling me I’d be charged $59.99 at the end of the trial unless I canceled by July 31... (see image below).

The phishing email. Looks kind of official, doesn't it?

Why was this phishing email so “rotten”? Well, not only was it extremely well-crafted (it looked like an Apple email, with few of the rampant typos and poor grammar usually found in phishing messages), but it was well-timed. Just yesterday I had been considering finally signing up for Apple Music. I actually thought for a moment that perhaps I had signed up! But the terms of the 3-month trial and the subscription price seemed off, so I checked the “App Store” email address, which actually turned out to be a “music.org” address. On iPhone and iPad, checking the address is as simple as doing a tap and hold on the address, while the same can be accomplished on Mac by clicking the disclosure caret (the downward-pointing angle that looks like this - ∨).

That's definitely not an Apple App Store email address...

Of course, the phishers don’t want you to respond to the email - they want you to click on the “cancel subscription” link, which points you to a lnkd.in address (see screenshot below). My guess is that the address -- which is on the business social media network LinkedIn -- is some sort of relay to redirect your browser to a false Apple Music site or App Store, where you'll be asked to enter your Apple ID and password.

A tap and hold on the "Cancel your subscription" link brought up this address, which appears to be a redirect page on LinkedIn.
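
The two manual checks described above (the real sender address behind the display name, and the real address behind the link text) can also be run automatically when triaging reported mail. The following Python is an added example, not part of the original post; the brand and shortener lists, the `review` function and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_WORDS = ("apple", "app store")        # assumption: names the lure borrows
BRAND_DOMAINS = {"apple.com"}               # assumption: domains the real brand uses
SHORTENERS = {"lnkd.in", "bit.ly", "t.co"}  # assumption: hosts that hide the destination

def on_domain(host, domains):  # exact match or subdomain of a listed domain
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def review(raw):  # the post's two checks: real sender address, real link target
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    brand_named = any(w in name.lower() for w in BRAND_WORDS)
    if brand_named and not on_domain(addr.rpartition("@")[2], BRAND_DOMAINS):
        findings.append(("sender-mismatch", name, addr))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        host = urlsplit(href).hostname or ""
        if not on_domain(host, BRAND_DOMAINS):
            kind = "shortened-link" if on_domain(host, SHORTENERS) else "off-brand-link"
            findings.append((kind, text, host))
    return findings

SAMPLE = ('From: "App Store" <no-reply@music.org>\nContent-Type: text/html\n\n'
          '<a href="https://lnkd.in/PLACEHOLDER">Cancel your\nsubscription</a> '
          '<a href="https://support.apple.com/">Help</a>\n')  # constructed, not the real email

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The suffix match in `on_domain` requires a leading dot, so a lookalike host such as `notapple.com` is not treated as Apple's.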

Needless to say, I quickly forwarded this piece of rotten phish to Apple through their phishing address: reportphishing@apple.com. Remember to do this any time you receive a phishing email, so Apple can do its best to try to block that email.

Now it's time to go to the real Apple Music page and start my subscription!