One of my customers recently contacted me about a nasty letter they got saying that someone had gone in and signed them up for a Netflix account. The possibility that they might have been hacked both startled them and made them anxious enough to click on the link right in the email.

They were taken to a page that looked very much like the current Apple website, but something in their intuition made them stop and check out the site. 

As they checked out the site, they realized that none of the dropdown menus on the website worked, unlike the real Apple website. The website looked just a little fuzzy, and indeed, it was a picture of the real Apple website. 

Something in their gut told them not to trust what was happening, and so they stopped and called me.

They were kind enough to share with me what they received in their email, which consisted of some text as well as a PDF attachment. I haven’t checked, but I would bet the PDF probably has a virus in it that could zap Windows machines or out-of-date copies of Adobe Acrobat. That is just one more reason to use Apple’s Preview program, which I will cover in a future blog post. Let’s take a closer look at the telltale signs that showed this was a scam email:

An analysis of a spam email

The weapon that spammers use against us is alarm. They try to use intimidation techniques to both inspire fear and sometimes shame so that you stop and react without thinking. The very best defense you have any time you see something alarming is to stop and take a deep breath, and then take a gut check.

Stop and re-read the email. Let’s look at some salient points:

  • The email starts with Dear Customer, which is terribly common with spam email because the scammer is blindly sending out emails and they don’t have any of your personal details to go on at the beginning. A big company like Apple will have a personal relationship with you and will always use the contact info you gave them when you set up your account.
  • Apple is a company that prides itself on attention to detail. They would not let incorrect grammar or punctuation go out in customer-facing email. Notice that the first paragraph is missing a period at the end of the last sentence.
  • The last paragraph has a comma which is then followed by a capitalized word. That’s a sign that this email was not written by someone who speaks English as their native language. That does not totally implicate the sender as a scammer, but it is a feature common to scammers.
  • No AppleID is listed. Apple would always tell you about the AppleID involved with a problem as some customers have more than one AppleID.
  • You can’t tell from this picture, but the original email was actually sent as a PNG image instead of as text. The print looked fuzzier than regular text so that immediately caught my eye as a warning sign. I think that the scammers sent the spam as an image so that the text would not trigger any junk mail filters.

Now let’s look at the PDF attachment that came with the email.

This email also displays a woeful lack of grammar, still starts with Dear Customer, and finally, it doesn’t contain any valid credit card information like the last 4 digits of the credit card number.

A wonderful feature in the macOS Mail program for email is that you can place your mouse over a link in an email and see where it will take you without actually clicking on the link. The first thing I do whenever I see an email that I have questions about is to check the links to see if they go to a legitimate website or not. In this case, it surely does not.
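
For readers who want to automate the same gut check, here is a short Python script that runs three of the checks from this post (the generic greeting, the image standing in for text, and where the links really go) over a saved message. This is an added example, not part of the original email or any Apple tool; the sample message, the function names, the `apple.com` default and the 20-word threshold are all assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the customer's email): generic greeting, an image
# in place of text, and a link that leaves the brand's domain.
SAMPLE = b"""\
From: "Apple Support" <support@example.net>
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<a href="http://apple.example.net/verify"><img src="cid:letter.png"></a>
</body></html>
"""

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs, self.images, self.text = [], 0, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])   # where a click would really go
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text.append(data)             # visible text only

def on_domain(url, domain):
    # Exact host or a true subdomain; "apple.com.example.net" does not match.
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def warning_signs(raw, expected_domain="apple.com"):
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(part.get_content() if part else "")
    words = " ".join(scan.text).split()
    signs = []
    if " ".join(words[:2]).lower().startswith("dear customer"):
        signs.append("generic greeting")
    if scan.images and len(words) < 20:    # threshold is an assumption
        signs.append("image-only body")
    signs += ["off-domain link: " + (urlsplit(u).hostname or u)
              for u in scan.hrefs if not on_domain(u, expected_domain)]
    return signs
```

Calling `warning_signs()` on the raw bytes of a saved `.eml` file returns the list of signs it found; an empty list only means none of these three checks fired, not that the message is safe.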