Posted on 03-17-2015 12:27 PM
FYI - There is a GSX account Phishing scam out there.
The "Check your account" button is NOT an Apple site.
Posted on 03-17-2015 12:37 PM
Haha. So obvious its a scam with the horrible half English verbiage. Love that squished Apple logo too - nice touch!
Honestly, this is why these people will always be scammers and never amount to anything. They can't even bother to learn enough of a language to make a convincing phishing scam, which means they are just dolts.
Posted on 03-17-2015 01:10 PM
I've been getting these periodically and it's always good for a laugh.
I forward each one to reportphishing@apple.com.
Posted on 03-17-2015 02:01 PM
We get these quite often, pretty annoying but not much Apple can do about it really.
Posted on 03-17-2015 03:11 PM
I just started getting these a week or two ago. The first one was an announcement of iOS 8.1.4. @Chris.Ball Thanks for posting that, certainly can't hurt to send them Apple's way.
Posted on 03-17-2015 04:52 PM
Just got one of these today. Wondering if GSX may have been pwned... the email address they sent it to was a specially crafted one used ONLY for GSX, and yet I got the email there. Links resolve to "http://icloudappie.com". Nice.
Posted on 03-17-2015 05:03 PM
I've been getting a few of these just recently also.
Posted on 03-17-2015 05:36 PM
Yea, not sure how these scammers got all our GSX addresses...
https://gsxapp.apple.com/WebApp/resourcesarticle.htm?documentid=SN2573&locale=en_US
Posted on 03-17-2015 06:30 PM
Just an FYI - If you had any e-mail accounts that were currently deactivated, it looks like those accounts might now be gone out of your account portal as part of this.
Posted on 03-17-2015 07:48 PM
I got this 5 minutes after actually emailing Apple about re-activating my account ( due to inactivity )
Posted on 03-18-2015 05:47 AM
I've been getting these for a few weeks, the non secure, non apple web addresses have been an easy identifier for me (but I've seen so many phishing scams I'm always skeptical of any email that asks me to log in). Though there have been a few that had addresses that almost looked like a legit apple web address. This email address is only used for GSX and Apple's Discussion Board. I had assumed they trawled the discussion board profiles for addresses, not sure how else they would have obtained a not very public service address for me.
Posted on 03-18-2015 08:07 AM
If you need to reactivate a disabled GSX account, like if it was disabled for inactivity or for extra security during the phishing uptick, you'll need to search for the account in GSX. It won't show up when you click People > Users.
If you do a search under the People section and enter the disabled account's email address, it will appear and you can unlock it easily.
Posted on 11-15-2016 04:12 AM
I hate to reawaken this old thread, but I'm getting annoyed at this today! I can see right through these, but they keep coming in and our techs keep asking about them. Instructed folks not to respond to any GSX emails without checking with me first. I have notified Apple numerous times. I'm not seeing much else I can do about them. Does anyone have suggestions beyond that on how to deal with these that you use in your organization ?
Posted on 11-15-2016 06:35 AM
Not much Apple can do about the spam at this point.
The string "GSX" is fairly unusual and not something you'd find in daily mail conversations.
You might consider appending a POTENTIAL SPAM warning to the message before delivery.
Keep in mind your filter would catch Jamf Nation and similar messages from other legitimate sources, so be careful.