A few weeks ago, this blog discussed Phishing Email Purporting to be a Password Reset Notification.
NEVER CLICK on LINKS or ATTACHMENTS in EMAILS
Nearly all phishing uses bait (and you’re the fish). Bait can be subtle, threatening or insulting. Don’t bite. All bait is designed to provoke a reaction: fear, anger, your innate desire to help or solve a problem, etc. Appeals to decency and honesty work because most people want to set things right, even if they did not cause the problem—it’s the desire to help. Don’t let your good side be baited into helping someone hack you.
Why does Apple Mail EVER allow this level of exposure to risk? It is security malfeasance for an email program to present users with such risks. There is near zero virtue in supporting such attachments in email, since the 99.9% case is malware or spam. It’s about time Apple fixed such sloppy security practices in Apple Mail: users should not have to be aware of such risks—the risks should be eliminated.
Below, a bogus return path (email@example.com), unprofessional greeting, incorrect grammar, etc are all giveaways. But what if the hackers aren’t this stupid and the approach has none of those easy to spot faults? See Apple Mail Security: Viewing Mail Headers.
Source code for the ad.