Saturday, July 31, 2021

Apple ID Spam Breakdown

Take a look at the Apple ID spam I received.  I broke it down by email, attachment, malicious link in the attachment and verdict of that link.  You will see how convoluted spammers can get.

First, I received this email - 

You can observe many things from just this image:

1.  The "Re:"  This indicates that the email is a reply-to, but it is not.

2.  The "from" address is NOT Apple or anything related to Apple. 

3.  Neither is the "to" address

4.  After those three indicators, the attachment cannot be a good thing.

So I researched the attachment and found ONE link in it.

It is not a recognizable link and seems to be shortened (see more about 'tiny' URLs here).  So I input that link into an on line tool called Get Link Info:

Notice the redirections this link takes (a redirection is code in the URL you originally choose, that "redirects" you to another).

I then researched the final redirection and found this:

So, you would open the attachment, which is NOT malicious (but you don't know that, so do NOT open the attachment), click on the link in that attachment, then you are redirected to this page, which IS malicious.  And if you did get through, it would look like Apple's website - but it is not.   My Chrome browser, that uses Google Safe Browsing, indicated it was not a very nice place to visit.