Kaspersky Lab researchers provide an example of an e-mail, identified by their anti-spam system, that at first glance appears to come from Apple. The text of the e-mail invites users to fill in a form in order to prevent their account from being frozen and deleted after three days. Obviously, the form has nothing to do with Apple; it is a simple ploy to induce you to hand over your data to the criminals without hesitation.
But how do you recognise these fake e-mails? Even the sender’s address shows that something is wrong: in the case presented by Kaspersky Lab, the address contained several suspicious numbers, which cannot be justified for an e-mail of this kind. The subject field also carried the prefix ‘RE’, which identifies a reply and should not be present here, since this is the first message received. Fraudsters use this ploy to prevent their e-mails from ending up in spam. Even if all this escapes your notice, the text of the e-mail usually bears further clues to the malicious nature of the message: in the greeting, the writer addresses the user not by full name but by e-mail address (e.g. ‘Dear email@example.com’); moreover, no company sends intimidating messages with threats to block the account or similar suspicious requests. Another alarm bell should ring when you check the link to the form: if you hover your mouse over it, you will see that it leads not to Apple’s official website but to a domain that has nothing to do with it.
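The clues listed above can also be checked mechanically. The following Python code is an added example, not Kaspersky Lab's anti-spam logic or part of the original article; the function name, the digit threshold, the threat word list and the sample message are constructed assumptions. It handles single-part messages only and treats a message with no In-Reply-To or References header as a first message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

THREATS = ("frozen", "deleted", "blocked", "suspended")  # constructed word list

class _Links(HTMLParser):
    """Collect the href of every <a> tag, i.e. where each link really goes."""
    hrefs = ()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += tuple(v for k, v in attrs if k == "href" and v)

def phishing_indicators(raw, brand_domain):
    """Return the clues described in the article that this message exhibits."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender, recipient = (parseaddr(msg.get(h, ""))[1] for h in ("From", "To"))
    found = []
    if len(re.findall(r"\d", sender)) >= 3:  # threshold is an assumption
        found.append("digits-in-sender")
    # "RE:" on a message that answers nothing: no In-Reply-To or References.
    is_reply = msg.get("In-Reply-To") or msg.get("References")
    if re.match(r"\s*re:", msg.get("Subject", ""), re.I) and not is_reply:
        found.append("fake-reply-subject")
    if recipient and re.search(r"dear\s+" + re.escape(recipient), body, re.I):
        found.append("greeting-uses-address")
    if any(word in body.lower() for word in THREATS):
        found.append("account-threat")
    links = _Links()
    links.feed(body)
    for href in links.hrefs:  # what hovering over the link would reveal
        host = (urlsplit(href).hostname or "").lower()
        if host != brand_domain and not host.endswith("." + brand_domain):
            found.append("link-off-brand:" + host)
    return found

# Constructed sample modelled on the description above; not the real e-mail.
SAMPLE = """\
From: Apple Support <support.4471920@mail.example.net>
To: email@example.com
Subject: RE: Your Apple ID

<p>Dear email@example.com,</p>
<p>Your account will be frozen and deleted in three days unless you
<a href="http://appleid.example.net/form">fill in this form</a>.</p>
"""
```

Calling `phishing_indicators(SAMPLE, "apple.com")` reports all five clues for the constructed message. The host comparison requires an exact match or a `.apple.com` suffix, so a look-alike such as `apple.com.example.net` is still reported as off-brand.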
For the sake of clarity, here is the ‘incriminating’ e-mail