Jamf Nation Community

ericbenfer · ‎03-17-2015

FYI - There is a GSX account Phishing scam out there.

The "Check your account" button is NOT an Apple site.

mm2270 · ‎03-17-2015

Haha. So obvious its a scam with the horrible half English verbiage. Love that squished Apple logo too - nice touch!
Honestly, this is why these people will always be scammers and never amount to anything. They can't even bother to learn enough of a language to make a convincing phishing scam, which means they are just dolts.

Clean · ‎03-17-2015

I've been getting these periodically and it's always good for a laugh.

I forward each one to reportphishing@apple.com.

davidacland · ‎03-17-2015

We get these quite often, pretty annoying but not much Apple can do about it really.

brad · ‎03-17-2015

I just started getting these a week or two ago. The first one was an announcement of iOS 8.1.4. @Chris.Ball Thanks for posting that, certainly can't hurt to send them Apple's way.

jreinstedler · ‎03-17-2015

Just got one of these today. Wondering if GSX may have been pwned... the email address they sent it to was a specially crafted one used ONLY for GSX, and yet I got the email there. Links resolve to "http://icloudappie.com". Nice.

Simmo · ‎03-17-2015

I've been getting a few of these just recently also.

donmontalvo · ‎03-17-2015

Yea, not sure how these scammers got all our GSX addresses...

https://gsxapp.apple.com/WebApp/resourcesarticle.htm?documentid=SN2573&locale=en_US

--
https://donmontalvo.com

freddie_cox · ‎03-17-2015

Just an FYI - If you had any e-mail accounts that were currently deactivated, it looks like those accounts might now be gone out of your account portal as part of this.

Damien · ‎03-17-2015

I got this 5 minutes after actually emailing Apple about re-activating my account ( due to inactivity )

Kaltsas · ‎03-18-2015

I've been getting these for a few weeks, the non secure, non apple web addresses have been an easy identifier for me (but I've seen so many phishing scams I'm always skeptical of any email that asks me to log in). Though there have been a few that had addresses that almost looked like a legit apple web address. This email address is only used for GSX and Apple's Discussion Board. I had assumed they trawled the discussion board profiles for addresses, not sure how else they would have obtained a not very public service address for me.

adamcodega · ‎03-18-2015

If you need to reactivate a disabled GSX account, like if it was disabled for inactivity or for extra security during the phishing uptick, you'll need to search for the account in GSX. It won't show up when you click People > Users.

If you do a search under the People section and enter the disabled account's email address, it will appear and you can unlock it easily.

blackholemac · ‎11-15-2016

I hate to reawaken this old thread, but I'm getting annoyed at this today! I can see right through these, but they keep coming in and our techs keep asking about them. Instructed folks not to respond to any GSX emails without checking with me first. I have notified Apple numerous times. I'm not seeing much else I can do about them. Does anyone have suggestions beyond that on how to deal with these that you use in your organization ?

talkingmoose · ‎11-15-2016

Not much Apple can do about the spam at this point.

The string "GSX" is fairly unusual and not something you'd find in daily mail conversations.

If you find the spammers are using GSX either in the subject line or body of the message and
The message isn't coming from *.apple.com or a specific address and
You have control over your mail server filters...

You might consider appending a POTENTIAL SPAM warning to the message before delivery.

Keep in mind your filter would catch Jamf Nation and similar messages from other legitimate sources, so be careful.

Jamf Nation Community

GSX Phishing Scam