You won't be fooled by hysterical phishing emails, but you know people who will

Posted in General Discussion, edited September 4

Once again there's a new iCloud phishing email that is so poorly done that AppleInsider readers will be able to spot it, but it will be shockingly effective on some who are susceptible to its hysteria, its appalling grammar, and its blinding font choices.

Cloud storage renewal payment failed, warning that your photos and videos will be deleted.
Detail from an apparently hysterical but really much more sophisticated phishing attempt



You've been using Apple gear for long enough that if you don't happen to have had emails from the company, you at least know what they would be like. Or what they would not be like.

Apple does not use exclamation marks. It doesn't use one, it certainly doesn't use two in a row.

This is the company that is so obsessed with design that when its original Macs would crash, the machine would still display a Susan Kare icon of a bomb.

So when you get the email that's going around now, shrieking about iCloud space running out and "your photos and videos will be deleted!!", you're not fooled. You know it's a con, and the fact that it uses 14 different font faces does not change your mind.

But if you think the people sending it can't write, have no taste, and learnt design from a 1980s clipart manual, you're wrong. Every bit of this nonsense is planned and is there to do one of two extremely specific jobs.

First, the email has to get by Apple's junk mail filter. Neither Apple nor any other service provider will ever explain their junk filtering rules, but when you're a spammer sending out literally millions of these emails, you learn tricks.

One of those tricks does appear to be that mistyped words or malformed sentences help the email get through.

And once it's got through, the email has precisely one more job to do. It's got to get as many people as possible to click whatever link is in it.

The overwhelming majority of people who get the email will not fall for it, but the spammer doesn't care about them. They care about the tiny minority who will, if they can be persuaded by the email.

Phishing email with warnings about potential photo and video deletion. Subscription details showing expiration date, storage usage, and options to update payment information.
The full phishing email currently doing the rounds



Phishing emails are a con done at unimaginable scale. Millions upon millions of people are emailed, so even a small percentage of that is potentially a gigantic number of victims.

Plus sometimes we are primed to believe an email like this latest one claiming you're running out of iCloud space and all your precious family photos are at risk. We're primed because enough of us really are running out of iCloud space.

Now, this might speak to how Apple is positively miserly about the amount of iCloud space it provides for free. But it's again just a straight numbers game -- some people genuinely reach their limits and if you're emailing everyone, you're going to hit at least some of them.

It's still the case that Apple is tasteful, so if someone does near their limit, they get a clear notification on their device. They don't get 14 font faces and 8 colors.

But people are primed, people are unaware, and people get caught out. In a report that in truth didn't add up, Jamf claimed that 9% of mobile users -- across all devices, not just iPhones -- fell for phishing attacks in 2024, for instance.

It's not ever that people are foolish, it is always that the phishing is quite brilliantly well done. It is always the case that people phishing know both what they are doing, and how it won't fool more than a fraction of people.

Even you can well be fooled. You, an AppleInsider reader who knows that Apple hires teams of poets to write its emails instead of handing over crayons to children.

If it weren't true, then phishing would never work and it would stop instantly. Every time you see an email like this, remember that somehow, with some people, it is working extraordinarily effectively.

You can't stop the phishing and you can't warn the world. But you can look out for yourself and you can warn friends and family, you can tell them how to spot a phishing attack.

For advice for you or them, advice on everything from phishing emails to spam calls, see the AppleInsider guide. And when you've spotted a suspicious email, you can forward it to reportphishing@apple.com, too.




Comments

  • Reply 1 of 6
    My wife gets multiple versions of this every day.  I very seldom do, I don't know where she goes, or what she does on the internet. She is constantly getting scam e-mails that her Cosco, Sirius, or icloud subscription has lapsed.  We don't even have a Cosco, or Sirius subscription. 
    watto_cobra
  • Reply 2 of 6
    “One of those tricks does appear to be that mistyped words or malformed sentences help the email get through.”

    This is oddly true yet somehow my important emails get spammed (not like I get actual phishing emails often).
    watto_cobra
  • Reply 3 of 6
    mdirvin said:
    My wife gets multiple versions of this every day.  I very seldom do, I don't know where she goes, or what she does on the internet. She is constantly getting scam e-mails that her Cosco, Sirius, or icloud subscription has lapsed.  We don't even have a Cosco, or Sirius subscription. 
    We get very few phishing emails.  Perhaps a couple per week.  Possibly because we don't do any social media, streaming, cloud-anything, and have no paid subscriptions.
    watto_cobra
  • Reply 4 of 6
    entropys Posts: 4,312 member
    I have been getting this email the last few days. I hope my father doesn’t. He got caught with the old “your Mac has a virus” one before Christmas. Had to wipe the drive for him and restore from backup (fortunately I had set him up with a relatively foolproof backup system). And thank goodness I had not set him up for online banking!

    These scum prey on the elderly.
    watto_cobra, muthuk_vanalingam
  • Reply 5 of 6
    eriamjh Posts: 1,764 member
    I think I got one.

    The reason they have deliberate spelling errors is this: if you’re dumb enough not to notice the errors, you’re more likely to go through with it.

    You’d think that the errors would reduce the likelihood of finding a sucker, but it actually hooks better suckers.
  • Reply 6 of 6
    arlor Posts: 533 member
    Caution online and Gmail generally manage to keep my email phish- and spam-free, but lately I've been getting these hilarious texts allegedly from the USPS or UPS about missed packages or packages stuck at customs.

    The dead giveaway for me is that I'm 100% sure the real USPS or UPS would never ever "wish you a blessed day!"