Caveat emptor: let the buyer beware, for if it’s too good to be true, it almost always is.
Sometimes it’s emails telling you that you’ve won the lotto, or that there’s tens of millions of Middle Eastern or African dollars the relative of some dictator has squirelled away, needing only your help to get out of the country, but most of us are well aware of those messages – even though so many still reportedly get caught and scammed.
So, the scammers have become “cleverer” at their disgusting scam-foolery, and seek to dream up ever more potentially semi-plausible scams designed to separate the unwary from their money, with this newest crunchy caper just the latest ample example.
The news has come forth from the latest posting at the Naked Security blog by the highly clued-up Sophos security sophisticate, Graham Cluley.
If only it WERE true, it’d be a stunningly awesome discount, enabling the purchase of a 64GB iPhone 5 for $99 instead of $999 – or other amazing deal that only exists in a parallel scammer’s universe.
The email purports to come from “apple.com.au” – even though Apple never uses a .com.au address to send emails from, only ever “apple.com”.
As Mr Cluley explains, the scammers not only want to know “your name, your address, date of birth, driver's license [and] your mother's maiden name”, they also naturally want to know your credit card details, security code and even your “Verified by Visa” or “Mastercard SecureCode” to complete the identity theft deal.
The Naked Security blog posting notes that the email in question contains the following (fake) information:
“Dear Apple Customer,
“Apple is rewarding its long-term customers. Your loyalty for our products made you eligible for buying an Apple Discount Card. With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store or on http://www.apple.com/au/ .
“To acquire your Apple Discount Card please download and complete the attached form.
“100 AU$ Credit Bonus
“(You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)”
There’s also an HTML form attached to the email called “Apple Discount – Complete this form to get your discount.html” where you get asked all those personal and financial details, which you should naturally not fill out!
So, please – if you or anyone you know has received this email, it’s worth immediately deleting.
Clearly, if you’ve made the mistake of filling out the form, please alert your bank immediately, and take whatever other precautions you can to avoid future episodes of identity theft from that stolen info.
As always, a generous dose of extreme scepticism to online and emailed claims of any sort should always be liberally applied every couple of hours, and if symptoms persist, please see your Internet security professional!