PDA

View Full Version : "Verify AppleID before we closed your account" ...


Rossian
17th Mar 2017, 12:20
......within 24 hours. In the text it suggested opening an attached pdf (says it's secure??). Nothing seems to have changed on SWMBO's iPad. Is this some sort of scam?

The Ancient Mariner

DB6
17th Mar 2017, 12:37
Definitely.
If in doubt log in to the account in question completely independently i.e. use another computer. If no notification there, it's a scam.

andytug
17th Mar 2017, 12:38
Almost certainly a scam of the phishing variety. Never log in to anything via a link from an email, always go via correct path (e.g. favourite or bookmark) to relevant site and log in there.

G0ULI
17th Mar 2017, 13:22
Apple never asks for confirmation in this manner. You may be asked to supply your password when downloading apps or media from the official App Store, even when it is free, but that is it.

You can check, alter and confirm details from a menu at the bottom of the screen within the App Store.

Never supply details to any site that is not owned by Apple, so basically the App Store and iTunes App are the only places that should ever ask for a password.

lomapaseo
17th Mar 2017, 14:43
here'a one I got yesterday
request "cancel De-activation" is that like Deactivate the De-activation" :confused:








OFFICE 365

Dear User,

A request to deactivate your Email account was made and this request will be processed shortly.If this was accidental, you are advised to verify your account to cancel the request now


Cancel De-activation

However, if you do not cancel this request, your account will be deactivated shortly and all data will be lost permanently.

Or you may be asked to enter this security code: 4273
Regards.

Email Admin

This message is auto-generated from Microsoft security server, and replies sent to this email can not be delivered.


Microsoft account symbol

Alsacienne
17th Mar 2017, 17:38
Pass me the whisky and a couple of Ibuprofen ... this is seriously confusing ... do you or don't you? ;-)

Rossian
17th Mar 2017, 17:44
.....that what you've all said would be the case.
Alsacienne no whisky, no Ibuprofen, I did - I binned it and briefed SWMBO accordingly.

The Ancient Mariner

ExXB
17th Mar 2017, 18:32
It's spam or phishing. No doubt.

Check the from email addrsss. If it's not *.apple.com it's not Apple.

Saab Dastard
17th Mar 2017, 22:04
If it's not *.apple.com it's not Apple.

Problem is, even if it is from apple.com, it can still be spam / fishing / malware.

Fake "from" addresses are trivially easy to create.

Even if it seems to be from a legitimate source you should still not trust it.

SD

jimjim1
18th Mar 2017, 04:50
Fake "from" addresses are trivially easy to create.


The analogy I like it that it is exactly as easy as writing a fake return address on the back on an envelope and popping it in the post.

Similarly, phone caller IDs can be faked by anyone with their own internal phone system. I am not sure about those with plain copper lines but essentially any multi-line business using digital lines (ISDN) gets to put their own caller id on the call. This may sound odd but consider the case where for reliability a business buys lines from more than one supplier yet wants to put the corporate 0800 number on the wires as the caller ID. The phone companies allow that. The line user gets to put on any caller ID that they choose.

pulse1
18th Mar 2017, 08:40
The golden rule applies:

Just compare the worst that can happen if it is genuine and you do not respond with the worst that can happen if it is a scam and you do respond.

Avtrician
18th Mar 2017, 09:48
Do not attempt to open the PDF, it will be a concealed executable file that can do anything from sending junk to your address book, to turning your PC to a spam forwarding hub or worse

gemma10
18th Mar 2017, 10:01
Is this one genuine or not? [email protected].
My mother keeps getting asked if she has changed her apple id.

G0ULI
18th Mar 2017, 11:33
gemma10

A scan of that address shows many redirects that end in a cloud account, so I would suggest that the address supplied by you is not genuine. Also the time to get a reply from that address is way too long for a legitimate commercial address, where ping return times are typically much less than a second.

Another trick used by scammers is to create a clickable link that appears to contain a genuine address, but a different address is hidden behind the link with the ink colour set to match the paper colour, so the real link to the scam site remains undetected.

FullOppositeRudder
19th Mar 2017, 01:48
I was the recipient of a string of these messages about six months ago.

I didn't have an Apple ID or an Apple account. I still don't. The messages were deleted at the server.

FOR

ExXB
19th Mar 2017, 08:50
Most spammers are lazy. They will not bother to spoof the from email address. First step is to check it and if it's not apple.com it is certainly spam. If it is, you still need to be careful, following steps as suggested by andytug above.

Currently my spam is almost exclusivly from FedEx and Google. Mostly with hidden links to cheap and phony drug sites. Perhaps also contains malware. I now have my default setting to not open images.

The Flying Pram
24th Mar 2017, 19:50
"Verify AppleID before we closed your account"If this is 100% accurate - i.e. copied and pasted - the mere fact of using "closed" (past tense) before they have actually done the deed should set alarm bells ringing! And there should be a space between "Apple" & "ID".

Poor use of English, and sloppy punctuation, is a hallmark of spammers.

TFP

Cornish Jack
25th Mar 2017, 14:44
Why, why, why do people have to ask if these messages are genuine? Of course they're not!! Even more so the recently received notification of a 'tax repayment'!! No need to analyze or consider if they MIGHT be valid ... they are bad news rubbish!! Into the bin or, preferably, forward to the spoofing agency.

pulse1
25th Mar 2017, 15:32
Why, why, why do people have to ask if these messages are genuine?

I don't normally but I recently got one from Travelex and it did look genuine e.g. correct e mail address etc. It had an attached receipt for £449.70 which I had apparently obtained in the Departure Lounge at T3 at Heathrow. My son had very recently used T3 and I thought it might be his but why would they use my e mail address? He assureed me that he hadn't used them.

I phoned Travelex using a number on their website and they assured me that it was genuine but had been sent to me in error. They asked me to delete it. This raises the question of how did they have my e mail address when I have never used Travelex?

Capn Bloggs
26th Mar 2017, 23:19
Do not attempt to open the PDF, it will be a concealed executable file that can do anything from sending junk to your address book, to turning your PC to a spam forwarding hub or worse
Getting some via email from Google UK (bl@@dy poms! :)); should my Anti-Virus or Anti Malware be picking these up before I open them (which I haven't done)? Thinking of my elderly friends...

Dear Google User.

You have been selected as a winner for using Google services,attached to this email is Our Official Notification Letter for your perusal.

Congratulations,

Matt Brittin.
CEO Google UK.
©2016 Google - Terms & Privacy.

Heathrow Harry
27th Mar 2017, 13:21
don't you miss the old Nigerian 419s? at least they were a good read...........

ShyTorque
27th Mar 2017, 14:25
I've lost count of the number of allegedly "undelivered parcels" we've had recently. The sender of the email seriously expects us to click on the attached .zip file.... no thanks!

My wife is also getting inundated with emails about medical product offers. Clicking on the so-called "unsubscribe" link does nothing.

Heathrow Harry
27th Mar 2017, 15:06
all that does is to tell them you are there - but they don't care TBH they send out millions of emails to lists they buy from crooks and just blast it out in the hope someone will buy or click on the link

Peter47
14th Apr 2017, 19:17
I recently got two bounced e-mails - postmaster@..... which I am sure that I have not sent (although I have been sending a lot of e-mails recently).

Is the scam that you click on the original message and infect your computer (the first) one or follow instructions to resend the message (second one, see below, but please DON'T click on link) or that my machine has been sending out messages that I am not aware of? I don't have Office 365 and use windows live mail which makes me suspicious.

If you do inadvertently open a file will a full antivirus scan make you safe or is it too late?
__________________________________________________________

Your message to zzzzz couldn't be delivered.
zzzzz wasn't found at zzzz.com.
petersgordon Office 365 kharrison Action Required Recipient Unknown To address
How to Fix ItThe address may be misspelled or may not exist. Try one or more of the following:

Send the message again following these steps: In Outlook, open this non-delivery report (NDR) and choose Send Again from the Report ribbon. In Outlook on the web, select this NDR, then select the link "To send this message again, click here." Then delete and retype the entire recipient address. If prompted with an Auto-Complete List suggestion don't select it. After typing the complete address, click Send.
Contact the recipient (by phone, for example) to check that the address exists and is correct.
The recipient may have set up email forwarding to an incorrect address. Ask them to check that any forwarding they've set up is working correctly.
Clear the recipient Auto-Complete List in Outlook or Outlook on the web by following the steps in this article: Fix email delivery issues for error code 5.1.10 in Office 365 (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=532972), and then send the message again. Retype the entire recipient address before selecting Send.
If the problem continues, forward this message to your email admin. If you're an email admin, refer to the More Info for Email Admins section below.
Was this helpful? Send feedback to Microsoft (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=525921).
More Info for Email AdminsStatus code: 550 5.1.10

This error occurs because the sender sent a message to an email address hosted by Office 365 but the address is incorrect or doesn't exist at the destination domain. The error is reported by the recipient domain's email server, but most often it must be fixed by the person who sent the message. If the steps in the How to Fix It section above don't fix the problem, and you're the email admin for the recipient, try one or more of the following:

The email address exists and is correct - Confirm that the recipient address exists, is correct, and is accepting messages.

Synchronize your directories - If you have a hybrid environment and are using directory synchronization make sure the recipient's email address is synced correctly in both Office 365 and in your on-premises directory.

Errant forwarding rule - Check for forwarding rules that aren't behaving as expected. Forwarding can be set up by an admin via mail flow rules or mailbox forwarding address settings, or by the recipient via the Inbox Rules feature.

Recipient has a valid license - Make sure the recipient has an Office 365 license assigned to them. The recipient's email admin can use the Office 365 admin center to assign a license (Users > Active Users > select the recipient > Assigned License > Edit).

Mail flow settings and MX records are not correct - Misconfigured mail flow or MX record settings can cause this error. Check your Office 365 mail flow settings to make sure your domain and any mail flow connectors are set up correctly. Also, work with your domain registrar to make sure the MX records for your domain are configured correctly.

For more information and additional tips to fix this issue, see Fix email delivery issues for error code 5.1.10 in Office 365 (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=532972). (Don't click on this!)

Original Message DetailsCreated Date:4/14/2017 6:12:58 AMSender Address:zzzzzzzzzRecipient Address:yyyyyyyySubject:You have notifications pending
Error DetailsReported error:550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup DSN generated by:CY1PR15MB0329.namprd15.prod.outlook.com

Message HopsHOPTIME (UTC)FROMTOWITHRELAY TIME14/14/2017
10:15:46 AMskunkworx.t2hadvertising.comBY2NAM03FT040.mail.protection. outlook.comMicrosoft SMTP Server4 hr, 2 min, 48 sec24/14/2017
10:15:47 AMBY2NAM03FT040.eop-NAM03.prod.protection.outlook.comBN6PR15CA0014.outlook.offic e365.comMicrosoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256)1 sec34/14/2017
10:15:48 AMBN6PR15CA0014.namprd15.prod.outlook.comCY1PR15MB0329.nampr d15.prod.outlook.comMicrosoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256)1 sec

le Pingouin
14th Apr 2017, 20:33
Probably your e-mail address has been used as a fake from address by the spammers and they're just bounce messages advising the recipient e-mail address doesn't exist. Your e-mail address would have been randomly drawn from the same list as used for the addressees.

Avtrician
15th Apr 2017, 01:24
Rule one,
Dont follow the instructions in the email,

Rule two

Delete the email

crewmeal
15th Apr 2017, 06:19
According to 'Apple Store' I was thanked for purchasing an Ed Sheehan track, then asked to click on the enclosed 'receipt'.

Moral of the story if a link or attachment looks dodgy then it probably is. Delete it. I suppose we'll all get a link at some stage stating your PPRuNe account will be closed, please click on the attachment to reinstate it.

Piltdown Man
15th Apr 2017, 08:21
ShyTorque - the action of "unsubscribing" verifies your email address. The only email you unsubscribe from are the ones who you can lob a brick through their window if they don't. The general rule of internet business is only trade with people whose lapels you can grab to explain what went wrong.

For the future I want to see an email service that requires the sender to fully disclose who they are, where they are, a return email address and a land based, non-premium rate, contact number. If any of these items are missing I don't want the email. It's about time this happened.

PM

crablab
15th Apr 2017, 08:24
For the future I want to see an email service that requires the sender to fully disclose who they are, where they are, a return email address and a land based, non-premium rate, contact number. If any of these items are missing I don't want the email. It's about time this happened.

Just do a WHOIS on the domain?

yellowtriumph
15th Apr 2017, 08:50
I recently got two bounced e-mails - postmaster@..... which I am sure that I have not sent (although I have been sending a lot of e-mails recently).

Is the scam that you click on the original message and infect your computer (the first) one or follow instructions to resend the message (second one, see below, but please DON'T click on link) or that my machine has been sending out messages that I am not aware of? I don't have Office 365 and use windows live mail which makes me suspicious.

If you do inadvertently open a file will a full antivirus scan make you safe or is it too late?
__________________________________________________________

Your message to zzzzz couldn't be delivered.
zzzzz wasn't found at zzzz.com.
petersgordon Office 365 kharrison Action Required Recipient Unknown To address
How to Fix ItThe address may be misspelled or may not exist. Try one or more of the following:

Send the message again following these steps: In Outlook, open this non-delivery report (NDR) and choose Send Again from the Report ribbon. In Outlook on the web, select this NDR, then select the link "To send this message again, click here." Then delete and retype the entire recipient address. If prompted with an Auto-Complete List suggestion don't select it. After typing the complete address, click Send.
Contact the recipient (by phone, for example) to check that the address exists and is correct.
The recipient may have set up email forwarding to an incorrect address. Ask them to check that any forwarding they've set up is working correctly.
Clear the recipient Auto-Complete List in Outlook or Outlook on the web by following the steps in this article: Fix email delivery issues for error code 5.1.10 in Office 365 (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=532972), and then send the message again. Retype the entire recipient address before selecting Send.
If the problem continues, forward this message to your email admin. If you're an email admin, refer to the More Info for Email Admins section below.
Was this helpful? Send feedback to Microsoft (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=525921).
More Info for Email AdminsStatus code: 550 5.1.10

This error occurs because the sender sent a message to an email address hosted by Office 365 but the address is incorrect or doesn't exist at the destination domain. The error is reported by the recipient domain's email server, but most often it must be fixed by the person who sent the message. If the steps in the How to Fix It section above don't fix the problem, and you're the email admin for the recipient, try one or more of the following:

The email address exists and is correct - Confirm that the recipient address exists, is correct, and is accepting messages.

Synchronize your directories - If you have a hybrid environment and are using directory synchronization make sure the recipient's email address is synced correctly in both Office 365 and in your on-premises directory.

Errant forwarding rule - Check for forwarding rules that aren't behaving as expected. Forwarding can be set up by an admin via mail flow rules or mailbox forwarding address settings, or by the recipient via the Inbox Rules feature.

Recipient has a valid license - Make sure the recipient has an Office 365 license assigned to them. The recipient's email admin can use the Office 365 admin center to assign a license (Users > Active Users > select the recipient > Assigned License > Edit).

Mail flow settings and MX records are not correct - Misconfigured mail flow or MX record settings can cause this error. Check your Office 365 mail flow settings to make sure your domain and any mail flow connectors are set up correctly. Also, work with your domain registrar to make sure the MX records for your domain are configured correctly.

For more information and additional tips to fix this issue, see Fix email delivery issues for error code 5.1.10 in Office 365 (wlmailhtml:{78629EA9-0034-4424-9FA1-6463F4363958}mid://00000155/!x-usc:http://go.microsoft.com/fwlink/?LinkId=532972). (Don't click on this!)

Original Message DetailsCreated Date:4/14/2017 6:12:58 AMSender Address:zzzzzzzzzRecipient Address:yyyyyyyySubject:You have notifications pending
Error DetailsReported error:550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup DSN generated by:CY1PR15MB0329.namprd15.prod.outlook.com

Message HopsHOPTIME (UTC)FROMTOWITHRELAY TIME14/14/2017
10:15:46 AMskunkworx.t2hadvertising.comBY2NAM03FT040.mail.protection. outlook.comMicrosoft SMTP Server4 hr, 2 min, 48 sec24/14/2017
10:15:47 AMBY2NAM03FT040.eop-NAM03.prod.protection.outlook.comBN6PR15CA0014.outlook.offic e365.comMicrosoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256)1 sec34/14/2017
10:15:48 AMBN6PR15CA0014.namprd15.prod.outlook.comCY1PR15MB0329.nampr d15.prod.outlook.comMicrosoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256)1 sec


I think you are suffering form 'spoofing'. This means that someone has gotten hold of the name of your email account domain and they are sending out emails 'all over the world' that look as though they have come from you. Apparently it is very easy to do. If the receiving account does not receive your email (or rejects it) then a 'message undeliverable email' is sent back to the sender of the email - which is you - even though you didn't send it originally!


A while back I was plagued with dozens of these undeliverable emails every day. I waited to see if it would calm down or go away of its own accord but it never did, in fact the volume of the emails increased to the hundreds per day and our email accounts were unmanageable in the end.


Now, we have our own web domain (let's call it www.1234.com (http://www.1234.com)) and the emails are handled through this domain. So when I send an email it is sent from [email protected] to the email receiver. We have several email addresses ([email protected], [email protected]) and they are all handled by our domain in the same way. All of these addresses were being spoofed.


In the end I contacted the domain administrator (fasthosts.co.uk) and had a livechat with them, they explained what was going on - they also confirmed 'spoofing' is very difficult to stop. I've posted below part of the livechat cobversation:


I'mafraid this is the part wherein spoofing is gets a bit hard to stop as we can'tcontrol the server that is doing this and sending out mail making it look likeit is coming from you. I can add an SPF record to your domain name, SPF recordsadds an identity line to the mail headers that would allow the valid server ormail host to send out emails using mail address - this stops the spoofing -however the SPF records takes a full 24 hours to take effect. SPF is 'Sender Policy Framework'.


So, I asked the chap to go ahead and do this which he did. It stopped the problem dead in it's tracks and I have not had any of these undeliverable emails since.


I hope this is of some help to you.

sk999
16th Apr 2017, 23:24
At work we have an extensive set of guidelines on how to identify phishing emails. So I received one with the subject in all caps: "IMPORTANT FINANCIAL INFORMATION", from a sender I did not recognize, and a "Click Here" instruction. Of course, I deleted it. The next email was from our finance office saying that the email was legitimate (it was a tax form). Doh! No way to resend either. That's what happens when outsource your payroll. Always something to bite you back.