Two unrelated incidents? Maybe.
The other day, after having lunch with a friend, I happened to check my email. There were two messages from Apple’s iCloud service, which I’ve been a user of since its first incarnation more than 10 years ago.
I should mention first that I actively use about six different email addresses and have another six or so more that I seldom check or use. The bulk of my email comes to a throw-away address on one of my domain names. Only good friends, family members, and important folks like my divorce lawyers have my keeper email addresses, including the one on Apple’s servers which I use with the @mac.com domain.
The messages were from Apple and I’m pretty sure they were real. Here’s the first:
In case you can’t read it, it tells me that I recently initiated a password reset for my Apple ID and gives me a link to reset my password.
I looked at the URL in the link. It looked real. But I didn’t click it. I didn’t need to. I hadn’t initiated a password reset for my account.
Apparently, someone else had.
I have to admit that I first thought of my wasband and the desperate old whore he’s living with these days. Back in January or February, they’d hacked into one of my old investment accounts, probably searching for funds for their never-ending legal battle to steal what I’ve worked hard for my whole life. I’d found out because they’d actually gotten in — I’d been foolish enough to put his name on the account when I thought I could trust him — and changed the security questions for the account. I’d been automatically emailed about the change by the investment company, thus exposing their little trespass into an account my wasband knew was mine. Fortunately, there was nothing in there for them to take. Not long afterward, I discovered that I’d been locked out of another investment account because of too many incorrect login attempts. His name is not on that one so they couldn’t get in.
I couldn’t see any reason why they’d want to hack into my Apple account, though, other than to possibly access privileged communications between me and my lawyer. What would that get them, though? Unless they’re concerned about legal action by me against my wasband for his lies under oath in court?
About 25 minutes later, another message from Apple came through. This one told me that they couldn’t reset the password because too many unsuccessful attempts to answer my security questions.
Whoever was trying to hack my account was apparently rather determined. But why? Could some hacker be trying to access my credit card information on Apple’s account? I don’t store naked selfies — or anything else that should be kept private — on iCloud to leak onto the Internet.
I should mention here that both messages came to my throwaway email account, which is set up on my Apple account as a backup email contact. Obviously, if I didn’t have a backup email account, Apple couldn’t email me instructions for resetting my password on an account I couldn’t access. It seemed to me that security on the Apple servers had protected my account.
Overnight, another message came in. This was definitely not from Apple.
How do I know at a glance that it isn’t from Apple? Let me count the ways:
- Dear Customer. A legitimate email message from an organization you do business with should always be addressed to your name. Not even to an email address.
- Message was from “Service Apple ID.” Who? The address for that account was email@example.com. Yeah, like I believe that’s Apple.
- Link was to a page on chatkajamnika.com. No, I didn’t click the link to see it. If you point to a link in the Mail app, a tip comes up with the full URL inside it. ALWAYS check links before clicking them.
- Typos. Apple doesn’t have typographical or grammatical or punctuation errors in its messages.
What seriously creeped me out about this is that it also went to my throwaway account.
Now my throwaway account is “throwaway” for a reason. It’s the email address I use to sign up for things. As such, it’s subject to spam. The idea is that when incoming spam reaches a critical mass, I throw away the account and create a new one for the same purpose.
There is definitely a chance that the person who sent this message sent them out to everyone they could, hoping that some of them would have Apple IDs associated with the account and click the link. But what worries me is that it came on the same day that my actual Apple account was attacked. Coincidence? I don’t know, but I don’t like it. Still, I know my Apple account is secure, so I’m not losing sleep over it.
But I do want to spread the word.
Have you gotten messages like this? At least one of my Facebook friends has. Could this be a coordinated attack against people with Apple IDs? Perhaps a way to get access to their data for use with the Apple Pay system? Or something else?
I might never know. But if you have any insight about this, please do share it — or at least point me to a reliable source of information with real answers.
Apple, as we all know, is pretty much impossible to reach.