AMITIAE - Thursday 26 May 2016
Cassandra: Phishing for Apple - Same Source, New Approach, Same Result
By Graham K. Rogers
This morning, two mails arrived with a slightly different approach. As before, the message uses an email account that is linked to my website and that is all I use it for. Real messages from Apple use different accounts.
The message is similar (if reworded):
Apple Global Service Exchange
If you are going to try to catch unsuspecting users, it might be good to start with the grammar and punctuation (Apple usually does). The difference with this message was that, instead of a straight-forward link to a (spurious) site, this message had an HTML file as attachement.
QuickLook showed me the details of this
Taking the same approach as I had with the earlier messages, I checked the raw source of the message and it was sent from the same IP number again using Microsoft applications. Interestingly, also like the message before, the return email address is shown as "firstname.lastname@example.org", not "no-reply"
No, no, no.
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.
For further information, e-mail to
Back to Home Page