07172019Wed
Last updateFri, 12 Jul 2019 7am

More email link blues

Regular readers of this column already know that my advice is to never ever click on links in emails, and here comes just one more example why.

My phone rings and it is a client asking for help with her iPad. She is having trouble getting it to accept her AppleID password, but she says she knows she is using the correct password.  “I just confirmed it a few days ago,” she says.  “Confirmed?” I asked.  She then told me that she had received an email from Apple asking her to confirm her password and credit card number. She followed the instructions telling her to click on a link in the email.

“Hang up the phone!” I ordered.  “Pick up the phone, call your bank, tell them exactly what you just told me.  DO IT NOW!”  A few hours go by before we speak by phone again.  When we do she tells me her credit card has been used to make thousands of dollars in fraudulent purchases.  The bank could reverse those charges, but the worst part was that the bank immediately canceled her credit card and was sending her a new one.  The reason that was the worst part was that she was about to leave on a trip to the States and canceling that credit card started a domino effect.  Without a credit card she could not make a hotel reservation online, would not be able to use Uber when she got there, and so on.  Clicking on the link in that email certainly resulted in a huge headache for her.

During the post-mortem, I examined that fraudulent email and found that the link led to a beautifully-designed fake copy of the Apple web site.  I cannot show this to readers here in print, but if you see me walking down the street with my laptop, please stop me and I can show you the screen shots.  The fake Apple web page is perfect until you read the address carefully.  It says “apple.appleid-eu.info” which is not a domain name Apple owns.

If you are foolish enough to enter your AppleID and password there, then the crooks now know those.  If you are really foolish, you will confirm your credit card number.  If you are really, really foolish, you will confirm your card’s expiration date and CVC number so the crooks can start shopping with your card.  Unfortunately, my client was really, really, really foolish.

There is a very simple solution to this problem, but unfortunately, it is extremely difficult, almost impossible to achieve.  You just have to have the discipline to remember you must never, never, never, never, never, never, never, never, ever click on links in emails.  Clicking on a link in an email can potentially circumvent all the antivirus and anti-malware protections on your computer.  Clicking on links in emails is not safe and there is absolutely, positively no way to ever make it safe… so do not click on that link!

Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico.  The opinions expressed are his own.  He may be contacted through his web site at SMAguru.com.

No Comments Available