Oddly enough, this same thing happened to me from Thurs to Friday. Various contacts of mine got spam emails from my me.com address, even though I never use it (it's only linked to my Apple ID account). I'm guessing now it was only those in my iCloud contacts since not everyone got the spam. The emails were along the same lines however. It got to a point that my password was changed. I had to use the reset password process to get back into my account. The next day it was changed again on me to the point I had to again reset it. I ended up having to change my Apple ID completely and so far things seem to be good again.
Unfortunately, I don't this this issue is a joke as something is amiss on the iCloud security side. I've never had any of my accounts hacked until now and I don't use simple passwords nor dictionary words. I'm hoping it was only for a small share of us users, but hopefully Apple investigates this issue.
Why am I not believing this? If your password got changed by someone who hijacked your account through social engineering, or true hacking, you would no longer have access to it anymore, so you couldn't re-change the password. Anyone smart enough to change your password on you would also change the secondary address, credit card info and security questions to lock you out forever (right after they raped the credit card for transferrable iTunes credit). Since you mention none of this, I think we can safely assume none of that happened, so no you weren't hacked by anyone.
As I posted earlier, no hacking is necessary to send email spoofed with your email address. Since bootleg spam address lists are truly gigantic the fact few real contacts also got emails from your spoofed address are statistically reasonable. Now if EVERYONE on your contacts list got he same spam from aspoofed-you you might have had a real problem. But without that you are just ignorant of what the real problems and probabilities of spoofing related actions are.
Since that isn't what you said, and your first paragraph has so many holes from the standpoint of what would have happened had your account really been hacked that it's not reasonably probable, I think we can just agree to disagree and I'll ask you to not make stuff up anymore.
Why should you not type in real answers to security questions? If proper questions are used then the information isn't readily discoverable at least no more so than a random answer.
Really? Most security questions are laughably easy to answer for just about anyone - go ahead and answer 'em if you like. My point was aimed at those complaining that the questions Apple was asking were too easy to guess. Instead of fussing at Apple to change the questions, it's far easier (and far more secure) to just change the way you answer them....
That is the most amusing read I have had for the day! I guess it is just about time for us to start using common words in passwords again. Geesh. I sometimes forget the passowords I make for certain sites.
What should I do? It sure looks real, but I'm in a sharing mood. If anyone is bored and wants to claim the 2M for themselves it will be fine with me. I never really liked Cynthia anyway.
ZENITH BANK INTERNATIONAL PLC.
Zenith Holdings Plc
8 Canada Square.
Victoria Island Lagos Airport
Road E14 5HQ. Nigeria.
Telephone: (+234-8082406316)
Attention: Attention: Attention,
I know this letter will come to you as surprise one but I want you to read
this with maturity. This day, one Mrs. Cynthia Edward, came to my office
to let us know that you are DEAD, and before your death, you instructed
her to come for the claim of your funds in the tune of US$2, Million that
was long abandoned in your name with this bank (ZENITH INTERNATIONAL BANK
PLC) this is what we want to verify from you before we make the payment to
who came for the claim.
(:I) Did you authorize Mrs. Cynthia Edward to come for your claim?
(ii) Are you truly Dead OR Alive?
If (NO) you are hereby advice as a matter of urgency to reconfirm the
details of this message within 24hours, hence your funds shall be wired
into her account without any more delay.
Lastly, you are advice to reconfirm the details of this message and get
back immediately with these information\'s
Below..
1. Full name:................
2. Direct telephone number:...
3. Address:.................... ..........
4. Your personal identification to enable us confirms you are not dead.
This information\'s above must be provided for reconfirmation to Enable us
make payment to you, hence, your funds will be remit/wire into her account
as already provide to this management.
We wait for your urgent response today. You need to act very fast, because
if this bank wait for your urgent reply within three working days and did
not received any message from you, you will be consider dead, and your
funds will be transfer to Mrs. Cynthia Edward.
Here is an account provide by Mrs. Cynthia Edward to this bank, are you
also the one who ask her to provide this bank account to us?
Washington Mutual Bank
2075 S. Victoria Ave
Ventura, CA 93003
800 788-7000
Acct. name: Mrs. Cynthia Edward.
Type: Checking
ABA # 322271627
Acct # 1951204345
Amount: US$2, Million.
Furthermore, this bank discovered that you have been dealing with some bad
eggs officials whom SCAMED some money from you without doing the right
thing, Be advice to STOP further communication with them, your funds is
now approved for payment, follow the right procedure now.
This message demand urgent attention, the bank is waiting to hear from
Comments
Quote:
Originally Posted by nicholas_hagen
Oddly enough, this same thing happened to me from Thurs to Friday. Various contacts of mine got spam emails from my me.com address, even though I never use it (it's only linked to my Apple ID account). I'm guessing now it was only those in my iCloud contacts since not everyone got the spam. The emails were along the same lines however. It got to a point that my password was changed. I had to use the reset password process to get back into my account. The next day it was changed again on me to the point I had to again reset it. I ended up having to change my Apple ID completely and so far things seem to be good again.
Unfortunately, I don't this this issue is a joke as something is amiss on the iCloud security side. I've never had any of my accounts hacked until now and I don't use simple passwords nor dictionary words. I'm hoping it was only for a small share of us users, but hopefully Apple investigates this issue.
Why am I not believing this? If your password got changed by someone who hijacked your account through social engineering, or true hacking, you would no longer have access to it anymore, so you couldn't re-change the password. Anyone smart enough to change your password on you would also change the secondary address, credit card info and security questions to lock you out forever (right after they raped the credit card for transferrable iTunes credit). Since you mention none of this, I think we can safely assume none of that happened, so no you weren't hacked by anyone.
As I posted earlier, no hacking is necessary to send email spoofed with your email address. Since bootleg spam address lists are truly gigantic the fact few real contacts also got emails from your spoofed address are statistically reasonable. Now if EVERYONE on your contacts list got he same spam from aspoofed-you you might have had a real problem. But without that you are just ignorant of what the real problems and probabilities of spoofing related actions are.
Since that isn't what you said, and your first paragraph has so many holes from the standpoint of what would have happened had your account really been hacked that it's not reasonably probable, I think we can just agree to disagree and I'll ask you to not make stuff up anymore.
You may wish to remove your personal information from them if you do
Really? Most security questions are laughably easy to answer for just about anyone - go ahead and answer 'em if you like. My point was aimed at those complaining that the questions Apple was asking were too easy to guess. Instead of fussing at Apple to change the questions, it's far easier (and far more secure) to just change the way you answer them....
Quote:
Originally Posted by DocNo42
Perhaps he's not as overzealous as he thinks?
http://xkcd.com/936/
That is the most amusing read I have had for the day! I guess it is just about time for us to start using common words in passwords again. Geesh. I sometimes forget the passowords I make for certain sites.
Extreme phishing
What should I do? It sure looks real, but I'm in a sharing mood. If anyone is bored and wants to claim the 2M for themselves it will be fine with me. I never really liked Cynthia anyway.
ZENITH BANK INTERNATIONAL PLC.
Zenith Holdings Plc
8 Canada Square.
Victoria Island Lagos Airport
Road E14 5HQ. Nigeria.
Telephone: (+234-8082406316)
Attention: Attention: Attention,
I know this letter will come to you as surprise one but I want you to read
this with maturity. This day, one Mrs. Cynthia Edward, came to my office
to let us know that you are DEAD, and before your death, you instructed
her to come for the claim of your funds in the tune of US$2, Million that
was long abandoned in your name with this bank (ZENITH INTERNATIONAL BANK
PLC) this is what we want to verify from you before we make the payment to
who came for the claim.
(:I) Did you authorize Mrs. Cynthia Edward to come for your claim?
(ii) Are you truly Dead OR Alive?
If (NO) you are hereby advice as a matter of urgency to reconfirm the
details of this message within 24hours, hence your funds shall be wired
into her account without any more delay.
Lastly, you are advice to reconfirm the details of this message and get
back immediately with these information\'s
Below..
1. Full name:................
2. Direct telephone number:...
3. Address:.................... ..........
4. Your personal identification to enable us confirms you are not dead.
This information\'s above must be provided for reconfirmation to Enable us
make payment to you, hence, your funds will be remit/wire into her account
as already provide to this management.
We wait for your urgent response today. You need to act very fast, because
if this bank wait for your urgent reply within three working days and did
not received any message from you, you will be consider dead, and your
funds will be transfer to Mrs. Cynthia Edward.
Here is an account provide by Mrs. Cynthia Edward to this bank, are you
also the one who ask her to provide this bank account to us?
Washington Mutual Bank
2075 S. Victoria Ave
Ventura, CA 93003
800 788-7000
Acct. name: Mrs. Cynthia Edward.
Type: Checking
ABA # 322271627
Acct # 1951204345
Amount: US$2, Million.
Furthermore, this bank discovered that you have been dealing with some bad
eggs officials whom SCAMED some money from you without doing the right
thing, Be advice to STOP further communication with them, your funds is
now approved for payment, follow the right procedure now.
This message demand urgent attention, the bank is waiting to hear from
you; do call this below direct number.
Mobile Direct Hot Line: (+234-8082406316)
Regards,
Mr. Jim Ovia.
Head of Accounting Operations
(ZENITH INTERNATIONAL BANK PLC)