IT security researcher Mehrdad has noticed an increase in Apple users reporting that they couldn’t access their iCloud accounts. One of his clients said he received an email from Apple which claimed that his iCloud account had been blocked and asked him to click on a link in the email. From the screenshot below, you can see that the email might look like a legitimate email from Apple, but a look at the headers reveals a few things worth noting.
While the sender shows as Apple, the email actually came from:
AppIe+iWT2XUJ (at) relay.skynet.be
The URL in the email looks like it goes to www.icloud.com, but it really goes to:
www (dot) cityjoinery (dot) com/iCloud
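Both mismatches described above (display name versus sending domain, and link text versus link target) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample message is constructed with placeholder domains, the `BRAND_DOMAINS` allow-list is an assumption, and it handles a single-part HTML body only.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mirroring the email described above; all domains are placeholders.
SAMPLE = """\
From: Apple <AppIe+abc123@relay.example.net>
Subject: Your iCloud account has been blocked
Content-Type: text/html; charset=utf-8

<html><body><p>Your account has been blocked.
<a href="http://www.example.org/iCloud">www.icloud.com</a></p></body></html>
"""
BRAND_DOMAINS = {"apple": ("apple.com", "icloud.com")}  # assumed allow-list
# Collects (href, visible text) for every <a> element in the body.
class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not host_in(sender_host, domains):
            findings.append(f"display name {name!r} but sender domain is {sender_host}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        shown = urlparse(text if "://" in text else "//" + text).hostname
        actual = urlparse(href).hostname
        if shown and "." in shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but href goes to {actual}")
    return findings
```

Link text that is not itself a hostname (for example "Click here") is skipped, so only links that display one site while pointing to another are reported.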
It is important to train your users to identify potential phishing and scam emails. While anti-phishing and anti-malware software and appliances can help prevent these emails from reaching users’ inboxes, there’s no such thing as 100% protection. If an email gets through the prevention systems, then it is up to the end users to identify the scam and report it.