Beware Fake iCloud or App Store emails

There has been a recent spate of phishing emails purporting to come from Apple. Typically they show some sort of a purchase or subscription that you supposedly bought from Apple. As always, DO NOT CLICK LINKS in emails.

If you want to check your account, do so from within iTunes, or by logging in at iCloud.com or Apple.com yourself.

In the email there are some suspicious indicators if you look for them. First of all, the email is not from the domain apple.com.

Second, the mail addresses you as “Valuable Customer”, not by name.

This email is fake!

The bad guys expect you to be outraged that you are being charged for something you didn’t order — and that you will rashly click on the link they provided.

I don’t know what happens when you do that. Probably, it is a fake imitation of the Apple sign-in page where your credentials will be stolen. However, it may be some kind of attack that takes place merely by visiting the site.

Be safe out there, folks!

Meeting Topic: iTunes 12.7 September 2017

Our MacMAD meeting topic this month is iTunes. There are some interesting changes in the latest version. In particular, Apple has removed the purchase and management of iOS Apps from iTunes. This is a good step in the right direction to make iTunes less complicated and more focused.

Here is tonight’s Keynote presentation.

 

Apple ID Sanity Check

If you will be buying a new Mac or iOS device soon, it really pays to get your ducks in a row as far as your Apple ID goes. Your Apple ID is more important than ever in the new operating systems, Yosemite for the Mac, and iOS 8 for the iPhone and its ilk.

Apple ID Is Your Single Credential for all Things Apple

If you have, or have ever had an iCloud account, Dot-Mac account, or Me.com account, you have an Apple ID.

Your single Apple ID is used for all these things:

  • To access your email
  • To buy music, movies and books & iOS apps from the iTunes Store
  • To login to your computer
  • For instant Messaging and FaceTime
  • To access iCloud, including Photos and Find My iPhone and Find My Mac
  • To buy hardware from store.apple.com
  • To buy Mac software from the App store
  • To sign in to the Apple Support Communities
  • For Apple Pay

I’m probably forgetting something that should be in this list. It’s also used for developer access, if you are a registered developer with Apple.

Decide Which ID You Want To Use

If you’ve been using the Mac for a while, you may have more than one Apple ID. You probably want to settle on a single ID for your on-line life.

If you have been sharing an Apple ID with a significant other, you should get separate IDs. (It’s not that I don’t love you, but how can I send you a message if you don’t have your own ID?) Apple’s family sharing lets you share iTunes purchases with family members with their own accounts, so there’s no reason to use the same ID any longer.

Email Addresses

Although Apple has changed their mind several times about what domain they want users to use for email, they have done a good job of making it transparent. Email sent to [email protected], or [email protected] can be received at [email protected]. John Doe� can also use any of those to log on to his one iCloud account.

Apple could phase those older domains out some day, so use @iCloud as much as possible going forward.

It’s good policy for personal email addresses to belong to one and only one person. Some couples share an email address, but it’s a bad idea. One person can miss an email because the other one read it or deleted it. It can be awkward for your friends who are not sure which person they are addressing in an email. It’s certainly awkward if a couple separates for any reason — Who gets the email address?� And, when the inevitable happens, and one person passes away, it can be extremely weird for you to send, or your friends to receive, email from the account of a dead person.

Use Really Good Password Practices

The strength of your password is the only thing keeping bad guys from buying a new Mac and charging it to your credit card. Since your Apple ID is so important, you want to make sure you have a good password. Don’t use the same password for your Apple ID as you use for any other service! I’d say that 10-12 characters is long enough for a password these days. Make sure your password or simple modifications to it are not in any dictionary.� Mix in some numbers, caps and special characters.

In new installs, your login password on your Mac is� your Apple ID password by default.� That’s a pretty good idea, because it makes� you remember your Apple ID, since you’ll use it every day to login. If you just set up a new Mac, or just installed a new OS from scratch, you’ll likely get to a point where the machine restarts, and you are asked for a login password. If you’re like me, you’ll think “Panic! I don’t know the password because I haven’t created a password for this machine yet.” Well, don’t panic. The login password is your Apple ID password.

For greater protection,� you can enable two-factor authentication (aka two-step verification) for your Apple ID. This provides much better security for your Apple account. It eliminates social engineering attacks where the attacker is able to find out the answers to those lame security questions� (your mother’s maiden name, etc.), and get Apple to reset your password. With Apple’s two-step verification, your security becomes entirely up to you. Apple cannot help you if you forget. You are responsible for remembering your password. You will also be given a recovery code which you are responsible for keeping in a safe place where you can find it if needed.

Two-factor authentication isn’t for everyone. Read the instructions carefully before enabling it. You will have to use application-specific passwords for certain things. Make sure that doesn’t scare you before you commit to the change.