Apple's phishing alert: Too little too late

Two years after the phishing of John Podesta, Apple posted—but did not push—this warning to users: Identify legitimate emails from the App Store or iTunes Store

From a friend of the blog:

Phil, I get this kind of phishing shit constantly. Some of the emails look a lot more authentic than this one. Can Apple do anything to put such criminals behind bars? Does Apple care? Their customers are being preyed upon.


My take: I take no comfort from the fact that Podesta was using Gmail. Any fool can get phished.

Pro tip: Legitimate Apple emails come from


  1. Ken Cheng said:
    My Mail app and Gmail already seem to filter out these phishing attempts. They’re always in my junk mailbox. Lately, the return addresses are from Portugal.

    March 1, 2018
  2. Gianfranco Pedron said:
    Tip #2: Never, ever, click on a link in an email asking for account or other personal information. For any other links sent via email, hover the cursor over the link to show the destination address. If it looks suspicious, don’t follow the link. If it doesn’t look suspicious, don’t follow the link. Access the sender’s/requester’s site directly from your browser, not via the link.

    March 1, 2018
  3. Fred Stein said:
    Odd timing:

    We’re talking about phishing that uses Apple’s name to fool people.

    This time of year, the threat is phishing that uses the IRS to fool people. Much bigger issue.

    March 1, 2018
  4. Gregg Thurman said:
    I have my own little identity theft protection strategy.

    In November 2004 I filed personal and corporate bankruptcy. I then scraped $500 together and opened an OptionsXpress account. Knowing nothing about options trading it took me 2 years before I made a profit. Since then I have bought a house, spent $250K restoring it (Historic Register residence), collected several classic cars and furnished my house with period correct furniture (I got nothing [my choice] out of a 2005 divorce). On the strength of my options trading I paid cash for all of it.

    My protection strategy? I’ve done nothing to restore my credit since the bankruptcy. My rating is terrible. Then, just in case, I have a savings account and a checking account. The checking account never has more than needed to cover monthly expenses (about $2500). The savings account is at another banking institution (transferring monies when needed to checking).

    Then I have 2 email accounts. The first is an AOL account I’ve had since 1994. The only time I use it is when I’m required to enter an email online with a new vendor. The other is a address that I use with trusted correspondents and web sites.

    Since doing this, and over a 10 year period, the amount of junk mail received has declined dramatically (although I still receive about 25 junk mails per day). The only phishing attempts come through the AOL account. My address, which is 10 years old, is pristine.

    March 1, 2018
