doug — off the record

just a place to share some thoughts


No Phish For Me Today

I read this story this morning.  “There’s A New Scam To Steal Your Gmail Info, And It’s Hard To Catch”.  In the article, there’s a phishing login page compared with a legitimate Google login page.  I must admit, it looks good, very good.  I could see how someone might fall for it if they were unfortunate enough to want to click a link sent to them by email.

Almost on cue, I received a couple of phishing emails myself.

Now, this was relatively easy to spot.  Note that the source of the email had nothing to do with the actual company that it was supposedly going to send me to.  Out of curiosity, I did what you should always do in these cases and hovered my mouse over the “SHOP NOW” link and checked to see the address that I would be sent to if I clicked.  It was somewhere ending in .ru so I just did a screen capture for this post and then blew it away.

The second phish attempt was more difficult to determine.  It came on the heels of me buying a song from the Apple Store (American Skin 41 Shots by Bruce Springsteen) and I had been lying down playing Words with Friends on my iPad when it came in.  I opened it and the sender was online@apple.com.  Kind of legitimate but I became suspicious with the “online” account.

But, as a good user, I read the message in case it was important.

Now, on an iPad, you don’t have the option to hover over a link.  What to do?  What to do?  Of course, the paranoid in me says “don’t do anything until you get your hands on a mouse”.  But then I read it again and spotted the flaw.  There’s no possible way that this message came from Apple.  Can you spot it?

It’s too bad because I’d like to complain about what a beast iTunes has become.

Oh, and by the way, the hover technique revealed that the destination link ended in .au

Bottom line, you can’t be careful enough.  When there’s any kind of doubt, just don’t click.  If it’s important enough, they’ll send you a second message or contact you in another way.



4 responses to “No Phish For Me Today”

  1. guessing it’s the small A on apple in one of the lines. 🙂


  2. Several problems with the “Apple” email – capitalization of apple and confirm, no reason for them to ever send you this email (are they asking for you to confirm your password? Why? Your device asks you for this all the time), and I’ll bet they didn’t call you by your name (“Dear customer”).

    I recently had a phone call from a company claiming to be from Bell and offering to review my account details with me to “save me money”. I asked that he confirm some of my account details before I started to talk to him (he was indeed from a marketing company that Bell had hired). Strangely, he was happy to give _me_ information about myself, even though he didn’t properly verify _my_ identity. Disturbing, no?


  3. Oh, forgot to mention – don’t click links in emails you didn’t request. Pretty much ever. #rulesToLiveBy


  4. You got it, Lisa. I would imagine that would be a career ending move for a real Apple employee.

    And, Brandon offers great advice…don’t click those links.
