Common spam often claims that your account has been locked and needs to be fixed. That is to say, people are driven to phishing campaigns on a daily basis.

Meanwhile, this one looks like a phish and follows the same pattern as a phish, but goes somewhere else entirely. See the mail below, which claims to be from Apple and is titled – Re: [Ticket #265763] Your Appl‌e‌ І‌D has been locke‌‌d‌‌ on [date]

No, your Apple ID has not been locked

Re: [Ticket #265763] Your Appl‌e‌ І‌D has been locke‌‌d‌‌ on [date]

It reads as follows:

Your AppI‌e‌ ‌l‌D‌ ‌‌h‌‌a‌‌s‌‌ ‌‌b‌‌e‌‌e‌‌n‌‌ ‌‌l‌‌ocke‌‌d‌‌ on [date] 2022 for ‌‌s‌‌ecurit‌‌y‌‌ ‌‌r‌‌eason‌‌s‌‌ ‌‌b‌‌ecaus‌‌e‌‌ you have ‌‌r‌‌eache‌‌d‌‌ the ‌‌maximu‌‌m‌‌ ‌‌n‌‌umbe‌‌r‌‌ of ‌l‌n‌v‌a‌l‌i‌d‌ ‌s‌i‌g‌n‌-‌i‌n‌ ‌a‌t‌t‌e‌m‌p‌t‌s‌

You cannot ‌a‌c‌c‌e‌s‌s‌ your ‌a‌c‌c‌o‌u‌n‌t‌ and any AppI‌e‌ services

‌‌T‌‌o ‌u‌n‌l‌o‌c‌k‌ your account, ‌y‌o‌u‌’‌l‌l‌ ‌n‌e‌e‌d‌ ‌s‌o‌m‌e‌ ‌a‌d‌d‌i‌t‌i‌o‌n‌a‌l‌ ‌v‌e‌r‌i‌f‌i‌c‌a‌t‌i‌o‌n‌

For your ‌‌s‌‌ecurit‌‌y‌‌ and to ‌‌e‌‌nsur‌‌e‌‌ only you have ‌a‌c‌c‌e‌s‌s‌ to your ‌a‌c‌c‌o‌u‌n‌t‌. We will ask you to ‌v‌e‌r‌i‌f‌y‌ your ‌i‌d‌e‌n‌t‌i‌t‌y‌.

E.g., Fake Apple Mail

From phish to website spam

You would expect that clicking on “verify account” would take you to a phishing page that mimics Apple. But this one doesn’t.

Instead, the link takes people on a random domain mystery tour. That is to say, it takes you to some domains that are purely advertisements, while the example sites below range from hotels and cladding services to polytechnics.

So, there’s no consistency or reason behind the URLs popping up. And you could be taken anywhere without warning, just because you clicked on the link.

It currently leads to what appears to be a half-finished page about QR code generation.

A QR code website

Why is this happening?

OK, we’ve established that this is not a phishing campaign: it looks and feels like one, but there are no phish here.

However, it creates a phishing-style panic as you click through multiple URLs via email campaigns. So, for the service below, someone has signed up and is using it to spam.

Navigating to the URL included in the mail with the campaign component stripped out leads us to the message below:

Mail blasting for fun and profit

So, your mailbox is full of missives; mail spammers will even abuse legitimate services. And some of these will slip through defences, even at the most careful service provider and even when there are countermeasures in place.

In other words, spam will get through no matter what. Importantly, have a reporting feature in place if you provide mail marketing services. It is crucial to be able to tie valid registrant details to campaign URLs. It is also much better, where possible, to indicate in some way in the mails sent out that they were sent via your tool or app.
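One way a mail marketing provider could tie campaign URLs to registrants and check abuse reports against them. This is an added example, not code from the original article or from any real service; the host `mailer.example`, the `/c/` path layout, the key and all function names are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for illustration: host, path layout and key are constructed.
SERVICE_KEY = b"constructed-demo-key-keep-real-one-server-side"
HOST = "mailer.example"
PREFIX = "/c/"


def _tag(payload: str) -> str:
    """Truncated HMAC-SHA256 over the payload, URL-safe, no padding."""
    mac = hmac.new(SERVICE_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).decode().rstrip("=")


def make_campaign_url(account_id: int, campaign_id: int) -> str:
    """Issue a link that names the registrant and is tamper-evident."""
    payload = f"{account_id}.{campaign_id}"
    return f"https://{HOST}{PREFIX}{payload}.{_tag(payload)}"


def resolve_abuse_report(reported_url: str):
    """Map a reported link to (account_id, campaign_id), or None."""
    try:
        parts = urlsplit(reported_url)
    except ValueError:
        return None
    if parts.scheme != "https" or parts.hostname != HOST:
        return None
    if not parts.path.startswith(PREFIX):
        return None
    fields = parts.path[len(PREFIX):].split(".")
    if len(fields) != 3:
        return None
    payload = f"{fields[0]}.{fields[1]}"
    # Constant-time compare on bytes; a forged or edited link must not
    # be attributed to a real customer.
    if not hmac.compare_digest(_tag(payload).encode(), fields[2].encode()):
        return None
    return int(fields[0]), int(fields[1])


if __name__ == "__main__":
    link = make_campaign_url(4821, 17)  # constructed ids
    print(link)
    print(resolve_abuse_report(link + "?utm_source=mail"))
```

Because the registrant id is signed into the path, a report still resolves after tracking parameters are appended, while a link with an edited id resolves to nothing.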

Keeping yourself safe from mail spam

For recipients, much of the typical spam mail advice applies here:

  • Get into the habit of reporting spam, especially if it is unusual and not just your “please buy this t-shirt” missive. Block and report if it’s a social engineering trick of some kind, or even something malware related. If everyone gets into the habit of always reporting spam, it will help keep the bad content away that bit quicker.
  • Now, if you’ve clicked and are redirected to a phish, you’re one step away from handing the scammer your logins. A massive red flag is a website asking for details without HTTPS. But HTTPS is no guarantee of safety from phishing, as scammers often make use of HTTPS certificates. So the best course of action is to say no if you receive emails from Facebook or Google or anyone else asking you to visit links and enter personal details.
  • To test it, you could “strip out the campaign portion of the URL and see where you end up.” But you can’t determine beforehand whether this URL is genuine or from a rogue website. So, it is potentially risky even if you try using search engines. It’s still a shot in the dark.
  • Lastly, spammers tend to reuse their bogus mails continuously. So, stay on guard, as one may redirect to random websites while the next may drive you to a phishing domain.

It’s worth cleaning up your security
