AMITIAE - Thursday 26 May 2016

Cassandra: Phishing for Apple - Same Source, New Approach, Same Result

apple and chopsticks


By Graham K. Rogers


Following on from a phishing attempt that I wrote about a couple of days ago, these people are persistent, but they have switched tack. Over the last couple of days I had a couple of similar emails which were marked as Junk.

This morning, two mails arrived with a slightly different approach. As before, the message uses an email account that is linked to my website and that is all I use it for. Real messages from Apple use different accounts.

The message is similar (if reworded):

Apple Global Service Exchange

Your account has been deactivated.

For reactivate your account please download attached file.

If you need additional help, contact Apple Support.

Viewable by these GSX Roles: Admin, Apprentice, Manager,Technician,SPS

If you are going to try to catch unsuspecting users, it might be good to start with the grammar and punctuation (Apple usually does). The difference with this message was that, instead of a straight-forward link to a (spurious) site, this message had an HTML file as attachement.

QuickLook showed me the details of this

Gone phishing

Needless to say, I did not sign in.

Taking the same approach as I had with the earlier messages, I checked the raw source of the message and it was sent from the same IP number again using Microsoft applications. Interestingly, also like the message before, the return email address is shown as "", not "no-reply"

No, no, no.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2016