Now I have been using personal computers since the 80’s, and I consider myself a reasonably intelligent woman. I have also been recognizing and trashing phishing emails for at least 15 years. At least. Emails that look like they come from banks, some from banks that aren’t my bank. Those ones are obvious. And emails that look like they come from my credit card company. Then, of course, all those emails from people asking for help or donations. These are also obvious.
Many phishing emails have similar things in common. 1. The graphics are a bit wonky–not lining up or not great quality. As a former graphic designer, these are things that I notice. 2. The text never seems to flow properly. There are often strange line breaks and gaps. And 3. The language, spelling and grammar are very poor. These are also things I notice even though my grammar is far from perfect and I am a terrible speller. If these things are so bad that I notice them, then there really is something wrong.
My strategy had always been to not engage and immediately trash these types of communications. Just like I would hang up on robocalls or callers claiming to be from my bank, credit card company, Canada Revenue, etc. I was pretty cocky about this and couldn’t for the life of me figure out how anyone could be taken in.
Then I received a receipt for the purchase of a monthly video game subscription from Apple. It said it was from Apple. It looked just like my previous receipts, or at least it did at first glance. I buy books from Apple that I read on my iPad, so I am used to getting receipts on a regular basis.
Wait a minute, I thought while doing a double-take. What’s this? I didn’t purchase this! Then I looked closer and realized that the receipt was connected to my old Apple account, which was disabled a couple of years ago. This in itself is a bit of a story. I had upgraded my phone and decided to take the SIM card out of my old iPhone and donate it to charity. Before that old iPhone, I had owned a flip phone and removing the SIM card also removed all my information. Not the case with smartphones. All the information was stored on the cloud so the phone also required a factory reset, something I was unaware of. When a new owner put a new SIM card in my old iPhone, all my information was there and that person had access to my Apple account and began to change things. Boy did I feel dumb. Luckily, Apple had my back.
It took two weeks of back and forth with an excellent Apple Customer Service Representative, who actually called me several times during this period, to finally sort things out. The first thing he did was lock down the old phone and my account until I could prove that I was who I was and owned a new phone. Then he helped me create a new account, linked to a new email because Apple accounts are identified by email addresses. Afterwards he gave me walk-through support on how to retrieve my data, photos, contacts etc. from the old account before disabling it.
Excellent is an understatement whenever I try to describe the level of service I received from Apple back then. So I was shocked to see this account active. Holy crap, I thought. Someone has access to my old account again. Someone is actually purchasing products using my old Apple account. Shit! Shit! Shit! Shit! Shit!
At the bottom of this Apple receipt was the sentence: “If you did not authorize this purchase, please visit cancel and manage purchasing to cancel this order,” with “cancel and manage purchasing” being a blue link. Additional sentences stating that I could contact Apple for a full refund within x amount of days, yadda, yadda, yadda, made everything look and sound very legit.
So what did I do? I clicked the cancel and manage purchasing link. This took me to a webpage that was identical to any Apple site page that I had ever seen. It was pristine and perfect. Absolutely beautiful as all Apple webpages are. As I mentioned before, I had an eye for this stuff. The only thing that stopped me from going any further was the fact that I no longer remembered my password for that old Apple account.
What did I do next? I decided to contact Apple and searched back through those two-year-old support emails to make sure I had the correct support link. Within five minutes of reporting my issue to Apple, my phone rang. I was asked if I wanted to hold for a representative or make an appointment for one to call me back. I chose to hold. Within another five minutes, I was connected to a representative. The first thing he did after hearing my story was have me look at the email of the receipt. “Who is it from?” he asked. Then clarified his question, “What is the email address?” The word Apple was definitely in the From tab, but when I clicked it to see the actual sending address, it was not Apple. It was a scam. Boy did I feel dumb. “That’s not us,” he said. To prove it, he had me do the same thing to a real receipt email. Then to reassure me that my old account wasn’t breached, he checked it to make sure nothing had been charged to it. Thank you Apple.
How far would I have gone if I had remembered my old password? Would I have given them too much information? I would like to think not. I would like to think that common sense would have prevailed and I would have clued in, but I now have doubts. These scammers are getting smarter and I am getting older and apparently dumber. I plan to look closer now and double check everything. Once I compared the fake receipt to previous real ones on my large monitor instead of the small screen of my iPhone, the differences were obvious. I currently have that dodged-a-bullet feeling. I think I will hold on to it for a while. It will remind me to be vigilant. And to lose the cocky attitude.
Thanks for reading. Feel free to share. You never know, this information may help someone else. And I don’t mind the world thinking I was dumb.