In Anatomy of a Phish-The Hook (Part 1) we examined the actual phishing email. Upon first examination it looked pretty official, but the grammatical errors, capitalization and English gibberish were amazing!

Let’s move on to the deception. After clicking on the link, the user is redirected to an official-looking website requesting their Apple ID and password. Below is the fake website followed by the real Apple ID website. I have highlighted some areas with red boxes to draw attention to them. (Apologies for the blurry quality.) Let’s compare.

Both websites look official.

  • Box #1 shows the tab and includes the Apple icon with a Sign In distinction. Slight difference in the two, so not too concerning.
  • Box #2 is the address bar. Look at the lock icon on the fake site as compared to the true site. On the fake site it is an outline, when it should be colored in green. And the ridiculously long URL on the fake site should start you questioning this page.
  • Box #3: The links contained in the fake site are not functional. In fact, no links found in boxes 3-5 function. All links on the true site are fully functional.
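The address-bar and dead-link checks above can also be scripted for triaging a saved copy of a suspicious page. This is an added example, not part of the original post; the expected host, the length threshold, and the sample URLs and HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the legitimate domain and the length threshold.
EXPECTED_DOMAIN = "apple.com"
MAX_URL_LENGTH = 100

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag (None when the attribute is missing)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href"))

def is_dead(href):
    """A link that goes nowhere: no href, empty, '#', or a javascript: stub."""
    if href is None:
        return True
    href = href.strip().lower()
    return href in ("", "#") or href.startswith("javascript:")

def triage(url, html):
    """Return the list of warning signs found for this URL and page source."""
    host = (urlsplit(url).hostname or "").lower()
    findings = []
    # Box #2: the host must BE the domain or end with ".domain"; a host that
    # merely contains "apple.com" somewhere in the middle does not count.
    if host != EXPECTED_DOMAIN and not host.endswith("." + EXPECTED_DOMAIN):
        findings.append("host is not under " + EXPECTED_DOMAIN)
    if len(url) > MAX_URL_LENGTH:
        findings.append("unusually long URL")
    # Boxes 3-5: a cloned page whose links all go nowhere.
    collector = LinkCollector()
    collector.feed(html)
    if collector.hrefs and all(is_dead(h) for h in collector.hrefs):
        findings.append("no working links on page")
    return findings

# Constructed sample input (not taken from the real phish).
FAKE_URL = "http://appleid.apple.com.account-verify.example/login/?session=" + "0" * 80
FAKE_HTML = '<a href="#">Forgot Apple ID?</a><a href="javascript:void(0)">Privacy</a><a>Terms</a>'
REAL_URL = "https://appleid.apple.com/"
REAL_HTML = '<a href="/recover">Forgot Apple ID?</a><a href="https://www.apple.com/legal/privacy/">Privacy</a>'

if __name__ == "__main__":
    print(triage(FAKE_URL, FAKE_HTML))
    print(triage(REAL_URL, REAL_HTML))
```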



Let’s log into the fake site.

Well I’ll be darned. Looks like my account is truly locked after all. Guess I’ll click on the link to unlock my account. That should take care of it.

