Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    • hubb
    • By hubb 15th Jun 17, 9:54 AM
    • 1,748Posts
    • 344Thanks
    hubb
    How did someone use my Apple ID ?
    • #1
    • 15th Jun 17, 9:54 AM
    How did someone use my Apple ID ? 15th Jun 17 at 9:54 AM
    I was emailed by Apple that someone with a strange username had signed into my account with an ipod (which I do not own) and that they were suspicious that it was fraudulent. It was so I went to my account (not via the email just incase) and changed my password. But my main concern is how did someone else get my email, and more importantly my password to sign into my account ? I checked the email was legit which it was as they addressed it to my name, not just "dear customer" or something like these scams use.
Page 1
    • another casualty
    • By another casualty 15th Jun 17, 10:53 AM
    • 2,557 Posts
    • 3,947 Thanks
    another casualty
    • #2
    • 15th Jun 17, 10:53 AM
    • #2
    • 15th Jun 17, 10:53 AM
    Could it be a family member ? Home sharing ?
    • simonineaston
    • By simonineaston 15th Jun 17, 10:54 AM
    • 72 Posts
    • 21 Thanks
    simonineaston
    • #3
    • 15th Jun 17, 10:54 AM
    • #3
    • 15th Jun 17, 10:54 AM
    Ask Apple for more info.
    • hubb
    • By hubb 15th Jun 17, 11:11 AM
    • 1,748 Posts
    • 344 Thanks
    hubb
    • #4
    • 15th Jun 17, 11:11 AM
    • #4
    • 15th Jun 17, 11:11 AM
    No family member, just me.
    • angryparcel
    • By angryparcel 15th Jun 17, 11:48 AM
    • 749 Posts
    • 405 Thanks
    angryparcel
    • #5
    • 15th Jun 17, 11:48 AM
    • #5
    • 15th Jun 17, 11:48 AM
    have you mentioned the ID to anyone or send it to anyone through email
    • I have spoken
    • By I have spoken 15th Jun 17, 12:18 PM
    • 4,782 Posts
    • 9,500 Thanks
    I have spoken
    • #6
    • 15th Jun 17, 12:18 PM
    • #6
    • 15th Jun 17, 12:18 PM
    I suspect the Apple email was a phishing attempt, you'd need to look at the trace of where it came from.
    • kwikbreaks
    • By kwikbreaks 15th Jun 17, 12:36 PM
    • 8,719 Posts
    • 4,357 Thanks
    kwikbreaks
    • #7
    • 15th Jun 17, 12:36 PM
    • #7
    • 15th Jun 17, 12:36 PM
    A very common way any id and password gets compromised is through phishing. You seem to be aware of the risk now but could you have been careless in the past? Or this one could still be a scam even with your name included - https://www.theguardian.com/money/2016/apr/23/iphone-ipad-icloud-scam-storage-login
    Carefully checking where anylogin link from it would take you would be instructive.

    Another possibility if you used the same user/password combination in more than one place is that a site you've used has been hacked and your details sold. https://haveibeenpwned.com/ lists many known security breaches.

    Finally and least likely imo is that you have a key logger lurking on one of your machiches so a Malwarebytes scan wwouldn't go amiss.
    • almillar
    • By almillar 15th Jun 17, 1:08 PM
    • 6,877 Posts
    • 2,733 Thanks
    almillar
    • #8
    • 15th Jun 17, 1:08 PM
    • #8
    • 15th Jun 17, 1:08 PM
    Either this:
    I suspect the Apple email was a phishing attempt, you'd need to look at the trace of where it came from.
    >what is the email address this 'appeared' to come from?

    or this
    someone with a strange username had signed into my account
    *Attempted to*. Read the email carefully again. If that's the case, I could guess john.smith@hotmail.com and *attempt to* sign into his account. You did right by not clicking any links in the email of course.
    • DavidP24
    • By DavidP24 15th Jun 17, 1:20 PM
    • 1,730 Posts
    • 1,043 Thanks
    DavidP24
    • #9
    • 15th Jun 17, 1:20 PM
    • #9
    • 15th Jun 17, 1:20 PM
    I was emailed by Apple that someone with a strange username had signed into my account with an ipod (which I do not own) and that they were suspicious that it was fraudulent. It was so I went to my account (not via the email just incase) and changed my password. But my main concern is how did someone else get my email, and more importantly my password to sign into my account ?

    I checked the email was legit which it was as they addressed it to my name, not just "dear customer" or something like these scams use.
    Originally posted by hubb
    You are kidding, anybody who has bought the TalkTalk, eBay, Amazon or Yahoo hacked data knows your name, probably your date of birth, postcode and even parts of your debit card, bank account and more.

    If you want to PM me the header I can verify the sender, or you can pull out the right IP address yourself and see if it legit, for example if the authenticated (not faked) sender was 17.151.1.45

    https://who.is/whois-ip/ip-address/17.151.1.45

    Registered to:

    OrgName: Apple Inc.
    OrgId: APPLEC-1-Z
    Address: 20400 Stevens Creek Blvd., City Center Bldg 3
    City: Cupertino
    StateProv: CA
    PostalCode: 95014
    Country: US
    RegDate: 2009-12-14
    Updated: 2011-03-08



    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of noreply@apple.com designates 17.151.1.45 as permitted sender) smtp.mailfrom=noreply@apple.com;
    dkim=pass header.i=@apple.com

    Even if it IS Apple you need to take care, make sure you have no malware on your PC doing key logging or dubious Apps on your phone.

    Often they do not know your details but try to log in thus generating the email, you then change password and a keylogger picks that up, I am not saying that happened to you, just so not rush into anything. do NOT follow any links in the email that was sent to you.

    if your account was used then maybe you had a weak password that you had used elsewhere.

    Maybe you saved it in your browser (which is not secure).

    If you did follow a link in the email and changed your password you better go to Apple via this link

    https://Apple.com

    and change it (again),
    Thanks, don't you just hate people with sigs !
    • hubb
    • By hubb 15th Jun 17, 8:18 PM
    • 1,748 Posts
    • 344 Thanks
    hubb
    A very common way any id and password gets compromised is through phishing. You seem to be aware of the risk now but could you have been careless in the past? Or this one could still be a scam even with your name included - https://www.theguardian.com/money/2016/apr/23/iphone-ipad-icloud-scam-storage-login
    Carefully checking where anylogin link from it would take you would be instructive.

    Another possibility if you used the same user/password combination in more than one place is that a site you've used has been hacked and your details sold. https://haveibeenpwned.com/ lists many known security breaches.

    Finally and least likely imo is that you have a key logger lurking on one of your machiches so a Malwarebytes scan wwouldn't go amiss.
    Originally posted by kwikbreaks
    No, I never follow links from emails as very aware of phishing.
    .
    Last edited by hubb; 15-06-2017 at 9:43 PM.
    • Sharon87
    • By Sharon87 15th Jun 17, 11:19 PM
    • 3,499 Posts
    • 2,966 Thanks
    Sharon87
    Was the apple email real? I have seen a lot of convincing looking phishing emails from Apple/iTunes before saying someone's bought something. The email looks very convincing, I think it even had my name (my name is also in my email, so easy to know!)

    If it's real, then there are many ways people to get into your account - your computer's been compromised or a company's computer with your information on has been compromised (which has happened a lot recently!) and as others have said, if you use the same username/password combo, then someone's chanced it to see if it works.
    • Strider590
    • By Strider590 16th Jun 17, 8:29 AM
    • 11,167 Posts
    • 6,207 Thanks
    Strider590
    I would say it was a phishing email and if OP followed a link to change their account details, then they've fallen for it.
    Having the last word isn't the same as being right.......

    "Never confuse education with intelligence"
    • surfsister
    • By surfsister 16th Jun 17, 9:57 AM
    • 7,200 Posts
    • 10,684 Thanks
    surfsister
    yes I've had loads of these and I don't even use apple!!

    a tip I was told to stay secure never click on a link in an email but type into the bar at the top to go in securely.

    I also get tax ones - here is a tax scam at the moment to get bank details.
    • DavidP24
    • By DavidP24 16th Jun 17, 10:22 AM
    • 1,730 Posts
    • 1,043 Thanks
    DavidP24
    Exactly, sometimes they may even take you to a benign page, your response is enough for them to improve the list by confirming you have an apple device, they then sell that subset of data on.

    Same applies to the emails that suggest your Nat West, Lloyds, Barclays, HSBC account has been hacked, by following a link you simply tell them you are responsive and that you have the appropriate account.
    Thanks, don't you just hate people with sigs !
    • hubb
    • By hubb 16th Jun 17, 11:21 AM
    • 1,748 Posts
    • 344 Thanks
    hubb
    Here is the exact text but it does display my full name as well as email address, something all phishing emails in the past have failed to do.

    Dear **********,
    Your Apple ID (*******@gmail.com) was used to sign in to iMessage on an iPod named “ossex's iPhone”.
    Date and Time: 14 June 2017, 8:59 AM PDT
    Operating System: iOS 6.1.6
    If the information above looks familiar, you can disregard this email.
    If you have not recently signed in to an iPod with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
    Sincerely,
    Apple Support


    Apple ID | Support | Privacy Policy
    Copyright © 2017 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. All rights reserved.
    • angryparcel
    • By angryparcel 16th Jun 17, 11:32 AM
    • 749 Posts
    • 405 Thanks
    angryparcel
    Here is the exact text but it does display my full name as well as email address, something all phishing emails in the past have failed to do.

    Dear **********,
    Your Apple ID (*******@gmail.com) was used to sign in to iMessage on an iPod named “ossex's iPhone”.
    Date and Time: 14 June 2017, 8:59 AM PDT
    Operating System: iOS 6.1.6
    If the information above looks familiar, you can disregard this email.
    If you have not recently signed in to an iPod with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
    Sincerely,
    Apple Support


    Apple ID | Support | Privacy Policy
    Copyright © 2017 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. All rights reserved.
    Originally posted by hubb
    that means nothing and will look genuine, what you need is the email header information that will show the original senders IP

    This is what a header will look like. this is one i got from a spammer based in china

    From - Mon Jun 12 16:48:27 2017
    X-Account-Key: account3
    X-UIDL: UID5085-1393420719
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Return-Path: <neha@blackyun.net>
    Delivered-To: ****@****-*****.co.uk
    Received: from *****.******.info
    by *****.******.info(Dovecot) with LMTP id Mj8cG5C3PlnfKwAAS9ey6w
    for <****@****-*****.co.uk>; Mon, 12 Jun 2017 16:47:28 +0100
    Return-path: <neha@blackyun.net>
    Envelope-to: ****@****-*****.co.uk
    Delivery-date: Mon, 12 Jun 2017 16:47:28 +0100
    Received: from mx026.blackyun.net ([59.110.20.214]:35138)
    by *****.******.info with esmtp (Exim 4.89)
    (envelope-from <neha@blackyun.net>)
    id 1dKRYg-0002rd-NW
    for ****@****-*****.co.uk; Mon, 12 Jun 2017 16:47:28 +0100
    Received: from mx026.blackyun.net (localhost [127.0.0.1])
    by mx026.blackyun.net (Postfix) with ESMTPA id 45E5518B9A4
    for <****@****-*****.co.uk>; Mon, 12 Jun 2017 23:08:45 +0800 (CST)
    To: ****@****-*****.co.uk
    Message-ID: <4ea11cb52ad52348b85ab1b1241b9e54@mx026.blackyun.n et>
    Date: Mon, 12 Jun 2017 22:58:05 +0800
    From: "Selina" <toys1258@126.com>
    Reply-To: toys1258@126.com
    MIME-Version: 1.0
    X-Mailer-LID: 1279
    List-Unsubscribe: <http://mx026.blackyun.net/unsubscribe.php?M=21449726&C=694fa3b26e5020c56ec0c 41ce4fdcb11&L=1279&N=1258>
    X-Mailer-RecptId: 21449726
    X-Mailer-SID: 1258
    X-Mailer-Sent-By: 13
    Content-Type: multipart/mixed; charset="UTF-8"; boundary="b1_2ab86b6110e8255bdd6367a5a8106562"
    Content-Transfer-Encoding: 8bit
    Content-Disposition: inline
    X-Spam-Status: Yes, score=13.7
    X-Spam-Score: 137
    X-Spam-Bar: +++++++++++++
    X-Spam-Report: Spam detection software, running on the system "greywood.serverrackone.info",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.

    Content preview: Re: Factory direct Wholesale HAND SPINNER and FIDGET CUBE
    My Dear Friend , This is Selina from China,I know that you are in field of
    TOYS,I'd like to recommend you our product. [...]

    Content analysis details: (13.7 points, 3.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    See
    http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    for more information.
    [URIs: blackyun.net]
    2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    [59.110.20.214 listed in psbl.surriel.com]
    1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
    [URIs: blackyun.net]
    0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
    (toys1258[at]126.com)
    -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
    domain
    0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
    (toys1258[at]126.com)
    0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    domains are different
    -0.0 SPF_PASS SPF: sender matches SPF record
    4.2 BAYES_80 BODY: Bayes spam probability is 80 to 95%
    [score: 0.8399]
    1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
    above 50%
    [cf: 100]
    0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
    0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
    [cf: 100]
    1.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
    freemail headers are different
    1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
    freemails
    X-Spam-Flag: YES
    Subject: ***SPAM*** Re:re:Re(2):your order of Hand Spinner

    --b1_2ab86b6110e8255bdd6367a5a8106562
    Content-Type: multipart/alternative;
    boundary="b3_2ab86b6110e8255bdd6367a5a8106562"

    --b3_2ab86b6110e8255bdd6367a5a8106562
    Content-Type: text/plain; format=flowed; charset="UTF-8"
    Content-Transfer-Encoding: 8bit
    • hubb
    • By hubb 16th Jun 17, 11:55 AM
    • 1,748 Posts
    • 344 Thanks
    hubb
    I'm sorry but I don't know how to find this info. Windows live mail is not showing it.
    • donnac2558
    • By donnac2558 16th Jun 17, 11:56 AM
    • 2,242 Posts
    • 1,858 Thanks
    donnac2558
    Netflix phishing scams now doing the rounds as well. Loads of Amazon cancelling your order ones too.

    I have had the Apple one as well and don't even own an Apple. Just deleted without opening.
    • DavidP24
    • By DavidP24 16th Jun 17, 12:04 PM
    • 1,730 Posts
    • 1,043 Thanks
    DavidP24
    Here is the exact text but it does display my full name as well as email address, something all phishing emails in the past have failed to do.

    Dear **********,
    Your Apple ID (*******@gmail.com) was used to sign in to iMessage on an iPod named “ossex's iPhone”.
    Date and Time: 14 June 2017, 8:59 AM PDT
    Operating System: iOS 6.1.6
    If the information above looks familiar, you can disregard this email.
    If you have not recently signed in to an iPod with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
    Sincerely,
    Apple Support


    Apple ID | Support | Privacy Policy
    Copyright © 2017 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. All rights reserved.
    Originally posted by hubb
    I did explain that there is enough hacked info out there from hacked TalkTalk and other data.

    You may see a link as https://appleid.apple.com but the hyperlink under it may be elsewhere.

    In the first instance, get the email header, if you are not sure how, google the name of your email client and Email Header, e.g.

    Thunderbird email header
    Gmail email header
    Yahoo email header
    Hotmail email header

    etc

    As you use gmail see this

    https://support.google.com/mail/answer/29436?hl=en

    Then verify the IP to begin with.

    If it IS Apple then you have a security issue elsewhere, as explained in my previous posts.
    Thanks, don't you just hate people with sigs !
    • angryparcel
    • By angryparcel 16th Jun 17, 12:11 PM
    • 749 Posts
    • 405 Thanks
    angryparcel
    I'm sorry but I don't know how to find this info. Windows live mail is not showing it.
    Originally posted by hubb
    To view all an email message's headers in Windows Live Mail, Windows Mail or Outlook Express:

    1) Highlight the message in the Windows Live Mail, Windows Mail or Outlook Express message list.
    2) Click on the message with the right mouse button.
    3) Select Properties from the context menu.
    4) Switch to the Details tab.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

4,566Posts Today

8,759Users online

Martin's Twitter
  • RT @kcbelsham: @MartinSLewis . This Account would have to pay at least 12% to achieve £1 million in 35 years . Any ideas ( think it is impo?

  • Really? The highest interest rate amount for that volume of cash currently is 2%? You'd need an interest rate explo? https://t.co/6YRk1wLdTl

  • Today's Twitter poll: Is it acceptable to take your shirt off and go topless in the street when it's scorching in the UK?

  • Follow Martin