Gullible Apple users targeted by bogus order cancellation scam Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offer a slight twist on the popular ”bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction …
"... bad grammar in the spam email ..."
Hell really will break loose when they've finally nailed the grammar and spelling; slowly but surely over the years most of the rest (formatting, matching bank to TLD in email address etc) has dropped into place, and often its grammar as the last defence that stops the mail even being worth a second look for many people. I've had one or two over recent years, including purportedly from "Apple", that have given me cause for a closer scrutiny they're so good.
Companies being tighter with the number of domains they use would help a good deal as well - even legit ones often come with initially dodgy looking links.
I always cringe when expert advice on avoiding phishing includes "a sign of a scam is bad grammar or spelling". Suggesting it's a good way of identifying phishing will result in a false sense of security and there is far more pertinent and useful advice that should be got across instead of this.
It's true that many scams are done by people who are bad at English, but it is not a sure sign of a phishing email. It is not beyond scammers to write an email without a spelling error, and plenty of authentic emails contain errors.
So as a "warning sign" it's not something you can depend on in any way.
"but it is not a sure sign of a phishing email"
But it ought to rack your sense of caution up a notch.
Looking out for scams of any kind should never rely on one thing alone, but it IS often a single thing that marks it beyond doubt as bad and not worth further consideration, unless there's something to be learned.
I've often considered setting up a simple spelling-n-grammar correction service. Along the lines of "Send me your specialist e-mail or document, with a Bitcoin payment. I'll correct your spelling and grammar then send it back to you." P.S. Advice to scammers: don't start your e-mail with 'My Dear'.
If you are going to make news on every type of scam, I will be happy to forward to you every such email I receive. I assure, some of them are pretty imaginative.
Trouble is, if you focus on this kind of "news", you might not have space for actual news. So, next time please do feel free to ignore "press release" from Sophos etc.
A thought provoking read. Thank you.
While it's difficult to imagine a scammer using this level of analysis to craft an email, I found that the body of the mesaage is crafted to filter out those with more than half a brain so enticing only the stupid and therefore more vulnerable to be compelling.
Interesting because it suggests we've been going about the wrong way to try and stop scams like these.
Rather than boosting email security and junk filters we just all need to start replying to all Nigerian/Ivory Coast/Congo/etc 'princes' and they'll eventually get overwhelmed by all the responses that don't lead anywhere. The scam becomes unprofitable and all the scammers will have to go and find other ways to get rich...
..probably by attacking all those accounts that now have less security as a result of the above...
"we just all need to start replying to all Nigerian/Ivory Coast/Congo/etc 'princes' and they'll eventually get overwhelmed"
I'd like the mail services to add an option to forward each mail in the junk folder to the Reply to addresses of all the other mail. That would overwhelm them PDQ.
Re the various West African scams; try looking up "419 busters" or maybe "419 baiters". There's a load of people do lead them on and document it. Often hysterically funny results. The scammer with a very serious expression and a loaf of bread and a fish perched on his head is an image I won't forget in a hurry.
Another day, another phishing scam. I've turned in two Apple user phishing scams over the past month to both Apple and SpamCop.net. My pleasure. I've collected samples of several other Apple user phishing scams over the past seven years.
Expect phishing.
"Protip: Don't click links in emails from unknown senders. Ever"
Nearly all of the scam emails I get are from KNOWN (or ostensibly known) senders. These include friends whose machines have been compromised, imposters who have stolen customer databases, and companies who are violating their privacy agreements and sending me crap emails I have opted out of. The last two are usually indistinguishable to the point that the (real) company itself (when contacted by phone) cannot tell me if it's something they actually sent.
The usual tip-off is not an unknown sender, but either 1) something I've supposedly opted out of or 2) an unexpected or nebulous subject line: Something like "Click here to read your e-Card" (with a link to a site registered in Indonesia). Whenever I get such emails from anyone, I do a View Message Source before opening it. There's usually a bomb under the hood.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
