An Apple ID Hack Attempt

Two unrelated incidents? Maybe.

The other day, after having lunch with a friend, I happened to check my email. There were two messages from Apple’s iCloud service, which I’ve been a user of since its first incarnation more than 10 years ago.

I should mention first that I actively use about six different email addresses and have another six or so more that I seldom check or use. The bulk of my email comes to a throw-away address on one of my domain names. Only good friends, family members, and important folks like my divorce lawyers have my keeper email addresses, including the one on Apple’s servers which I use with the @mac.com domain.

The messages were from Apple and I’m pretty sure they were real. Here’s the first:

Hack Attempt 1
First message I got warning of a hack attempt.

In case you can’t read it, it tells me that I recently initiated a password reset for my Apple ID and gives me a link to reset my password.

I looked at the URL in the link. It looked real. But I didn’t click it. I didn’t need to. I hadn’t initiated a password reset for my account.

Apparently, someone else had.

I have to admit that I first thought of my wasband and the desperate old whore he’s living with these days. Back in January or February, they’d hacked into one of my old investment accounts, probably searching for funds for their never-ending legal battle to steal what I’ve worked hard for my whole life. I’d found out because they’d actually gotten in — I’d been foolish enough to put his name on the account when I thought I could trust him — and changed the security questions for the account. I’d been automatically emailed about the change by the investment company, thus exposing their little trespass into an account my wasband knew was mine. Fortunately, there was nothing in there for them to take. Not long afterward, I discovered that I’d been locked out of another investment account because of too many incorrect login attempts. His name is not on that one so they couldn’t get in.

I couldn’t see any reason why they’d want to hack into my Apple account, though, other than to possibly access privileged communications between me and my lawyer. What would that get them, though? Unless they’re concerned about legal action by me against my wasband for his lies under oath in court?

About 25 minutes later, another message from Apple came through. This one told me that they couldn’t reset the password because too many unsuccessful attempts to answer my security questions.

Hack Attempt 2
This message told me that someone had gone so far as to attempt to answer my security questions.

Whoever was trying to hack my account was apparently rather determined. But why? Could some hacker be trying to access my credit card information on Apple’s account? I don’t store naked selfies — or anything else that should be kept private — on iCloud to leak onto the Internet.

I should mention here that both messages came to my throwaway email account, which is set up on my Apple account as a backup email contact. Obviously, if I didn’t have a backup email account, Apple couldn’t email me instructions for resetting my password on an account I couldn’t access. It seemed to me that security on the Apple servers had protected my account.

Overnight, another message came in. This was definitely not from Apple.

Hack Attempt 3
This message was definitely not from Apple.

How do I know at a glance that it isn’t from Apple? Let me count the ways:

  1. Dear Customer. A legitimate email message from an organization you do business with should always be addressed to your name. Not even to an email address.
  2. Message was from “Service Apple ID.” Who? The address for that account was service@customer.com. Yeah, like I believe that’s Apple.
  3. Link was to a page on chatkajamnika.com. No, I didn’t click the link to see it. If you point to a link in the Mail app, a tip comes up with the full URL inside it. ALWAYS check links before clicking them.
  4. Typos. Apple doesn’t have typographical or grammatical or punctuation errors in its messages.

What seriously creeped me out about this is that it also went to my throwaway account.

Now my throwaway account is “throwaway” for a reason. It’s the email address I use to sign up for things. As such, it’s subject to spam. The idea is that when incoming spam reaches a critical mass, I throw away the account and create a new one for the same purpose.

There is definitely a chance that the person who sent this message sent them out to everyone they could, hoping that some of them would have Apple IDs associated with the account and click the link. But what worries me is that it came on the same day that my actual Apple account was attacked. Coincidence? I don’t know, but I don’t like it. Still, I know my Apple account is secure, so I’m not losing sleep over it.

But I do want to spread the word.

Have you gotten messages like this? At least one of my Facebook friends has. Could this be a coordinated attack against people with Apple IDs? Perhaps a way to get access to their data for use with the Apple Pay system? Or something else?

I might never know. But if you have any insight about this, please do share it — or at least point me to a reliable source of information with real answers.

Apple, as we all know, is pretty much impossible to reach.

10 thoughts on “An Apple ID Hack Attempt

  1. I agree with Greg about two-factor authentication, not only because of the added login security, but because it would not allow anyone to use your security questions to reset your account. That wouldn’t even be an option for them. Either they’d have to know the password or have physical access to one of your Apple devices.

    As soon as you enable two-factor authentication, the only way someone would be able to reset your password is if they can access the code sent to one of your trusted devices (you decide what these devices are when you set up two-factor authentication – iPhone, iPad, or Mac).

    So even if someone somehow happened to know the answers to your security questions, they wouldn’t be able to gain access to your account.

    (Of course, I hope that the answers to your security answers are random passwords that you store in 1Password, not actual answers to actual questions.)

    Also: f someone phoned Apple Support and tried to convince the support guy on the other end of the line that they are really you, I assume that enabling two-factor authentication would make the support tech look twice at your account before resetting the password for just anyone.

    Side note: I find your comment about how Apple is “impossible to reach” to be a bit… I don’t know. I think you’re aware enough of how many requests Apple would have to deal with if they actually had a way to reach them directly. Surely you understand that it’s not an arrogance issue on their part, it’s simply the reality of their situation and the amount of customers they have.

    • As far as Apple being impossible to reach, if they plan to move forward with Apple Pay and make it work, they’ll need to have a real customer support phone line with people answering the phone. I don’t know about you, but when I give an organization access to my credit card information to make payments for me, I want to be able to pick up the phone and talk to someone if things go south.

      • Any serious problems with Apple Pay that actually affect your bank balance would be an issue with the bank itself, not Apple. (for example, the Bank of America glitch that affected Apple Pay users was an issue with… the Bank of America)

        Apple doesn’t have actual access to your bank account, it just acts as an intermediary by creating tokens and authorizing your purchases with Touch ID. The actual credit card and any fraud or problems with it are still the responsibility of the bank.

        As it happens, Apple does have a real phone line. After you go through the steps on the Support page, there’s an option for an Apple representative / technician to call you.

        If you want to find out who has been accessing your security questions and trying to reset your password, that’s one option.

        There’s also a number you can call at 1-800-APL-CARE.

        • I did finally get to talk to Apple — after I got three more messages showing that someone was trying again to hack into my account. I set up two-step authentication and I feel comfortable that this will make my account more secure. I just hope it doesn’t remove the convenience of using my account the way I normally do.

          I think my frustration lies in the fact that although I can call and get technical support and guidance, there doesn’t seem to be a place I can call to notify them about these attempts on my account. I’m sure I’m not the only one getting them, though, and I do understand that they could quickly be overwhelmed with calls from concerned people like me.

          I guess what I’m trying to say is that I wish they had a fraud Hotline.

          • Did Apple support offer any details as to who is trying to access your account? Or did they just tell you to turn on two-factor authentication?

            • Nope. No help whatsoever. Apparently this is an ongoing problem. I had at least another 6 email message like the ones here since I posted this account of my experience.