Happy New 2016, Beware of an Apple ID Phishing

Written: January 8, 2016

Welcome to 2016, and I hope that this will be your best year ever.

I just received an official-looking email from Apple with a security notice about a failed login attempt on a device in the UK:

phishing-security-notice

 

My suspicions were alerted so I did a quick look at the email sender, which revealed: infoweb@appleid.net

That’s not an email address coming from the official apple.com domain name, so I was about 90% certain that this was yet another phishing scam to get me to click a link. Step two was to hover over the blue link that they wanted me to click to see what URL they wanted me to land on:

Phishing URL

Phishing URL

OK, now I was 100% certain that this was a phishing scam because the URL is pointing to www.haven24.cool, which is certainly not in any way related to the official apple.com domain name.

This email looked quite official on the surface, but digging a bit deeper on my part instead of blindly clicking the phishing link protected my identity from being stolen and abused.

Tags: ,

Working with Freelancers

Written: December 31, 2015

I’m a freelance web developer and over the years I have built relationships with other freelancers that complement my skill set, and one that I’d like to mention today is Cory Company run by Monica Cory. We first met at the Tualatin Chamber of Commerce and started working together building the web site at www.tualatinchamber.com. Monica continued to send web development work my way, and I have referred copy writing and design gigs back to her. Our relationship is mutual and a win-win, plus our common clients enjoy the combined talents that we have to offer. Monica wrote me a brief note this week that I thought was a wonderful way to end the year 2015 with:

Cory Company

Cory Company

Sites that we’ve worked on together include:

Tags: ,

Menus and Clarity

Written: December 3, 2015

Web site menus can be very helpful or extremely frustrating to visitors, so let’s take a minute to think about how your menus are arranged. Here are some general best practices for menus to consider:

I was working on a web site at www.tualatinlife.com and had a chance to step back and ask myself these same questions. We were having too many menu choices across the page width, so I make the simple decision to group related menu pages under a common top-level menu called Sections. This is a newspaper site, and I knew that visitors were familiar with the concept of newspaper sections, so now there are three drop-down choices under Sections:

tualatin life, menu

 

Another usability issue is that for drop-down menus, visitors do not click the top-level menu, in this case the menu called Sections, because they see the three drop-down choices and intuitively click only the drop-down menus.

The end result for this web site is that we have a cleaner top-level menu structure, and have grouped common pages under the Sections menu.

Another Phishing Scheme, Not Really PayPal

Written: November 30, 2015

I first started using PayPal along with eBay over a decade ago and found that the combination of online payment with shopping was convenient, fast and secure. There’s only one problem with online payment systems, they are a constant target of hackers trying to steal our identity and money. A phishing scheme is something that looks on the surface like a legitimate request from a trusted vendor, like PayPal, but in fact it is really a disguise for the bad guys trying to gain your username and password. Just this morning I received the following official-looking email:

PayPal scam

The logo is an official PayPal logo, but then again anyone can copy and reuse a corporate logo and insert it into an email. Taking a closer look by clicking on the From field in the email I noticed right away that this wasn’t a legitimate message from PayPal:

PayPal from address

PayPal doesn’t use an email address of mcaji8@suddenlink.net, ever. They would use something like security@paypal.com. PayPal does recommend that when you receive a suspicious email to simply forward it to them at spoof@paypal.com.

PayPal does know my real email address, so that should appear in the To field, but in this phishing email it doesn’t:

PayPal to address

See how this fake email is using the same address in both the To and From fields? That’s another give away that this is not a legitimate email message.

The final proof of this malicious email is in the big blue button for: Check it Here. By just hovering my mouse over that button I can tell where it links to, and that shows the bogus address:

PayPal button

Certainly PayPal doesn’t use web addresses like www.uptownpaint.com to ask for my login credentials.

Summary

Be very hesitant to reveal your username and password for any online account, unless you are 100% certain that it is legitimate. By just checking the email fields like To and From, or the action Button you will protect yourself from a phishing scam trying to steal your identity.


Blog Tags

Recent Posts

Blog Directory & Business Pages at OnToplist.com