I’m still not taking these personally.
This is clearly fake… (i.e. not really from Apple. Looking behind the sender, the address is firstname.lastname@example.org and the link goes to a domain using a Twitter t.co URL shortener. Very un-Apple-like.)
Again, you’re in for a hard time if you actually click on these things, but hey, it’s a numbers game for these deceitful guys, whatever they’re actually after.
I listened to Susan Glasser’s Global Politico podcast with John Podesta (Clinton campaign manager whose Gmail was hacked after a very sophisticated phish) this week, and it was interesting to hear his take on the whole thing. He doesn’t blame the assistant who clicked on the link, nor the technical expert she consulted who said it was OK to do so.
Podesta: You know, look, there’s a long, complicated story about that. I had assistants that had access to the link. One of them checked what—one of them saw this question, changed the password, asked our cybersecurity expert. He inadvertently told her to click on it, and she did. So, I don’t blame them. I mean, it was, you know, a fast-moving campaign. It’s easy to say, oh, if you’ve already done this and that and the other thing—I think we’re—I’m, you know, I’ve been around for a while. I’m fairly careful. I don’t just go click on random links, and—but, you know, if—I’m sure that if I had gotten the advice to go ahead and click on it, I probably would have done it, too, so you know, it is what it is. And people make mistakes. And if you look—if you think about it, the Bundestag has been hacked, you know, the Norwegian defense department has been hacked, the White House was hacked by the Russians, and the State Department’s been hacked. It’s like, I think you can’t come back and blame the victim for this. This was a crime; it was painful. You know, I thought I was, you know, had a relatively secure profile. It turned out I didn’t, but a lot of other people have fallen prey to fairly sophisticated hackers that are operating under Russian intelligence. In this case, most likely, from the GRU, but it’s Russian military intelligence. It’s pretty sophisticated, so they did this. So, it is what it is. I can’t really beat myself up or beat my team up over that. I just have to move on, and you know, they committed a crime. I was a victim of the crime.
“It was painful” sounds like an understatement!
I’ve been thinking lately about what I leave accessible online. I try to keep it light and tight, and to download things off the server (or encrypt tightly and protect what’s left up there). But none of us is immune. And if you read this Motherboard article referred to by John Gruber, Russian Hackers Are Using Google’s Own Infrastructure to Hack Gmail Users, you too might start to see that Gmail might just be a bad place to be, despite their wonderful security (these days) and legal teams protecting your privacy, etc.
Anyway, take care.