GSX Phishing Scam

ericbenfer
Contributor III

FYI - There is a GSX account Phishing scam out there.

The "Check your account" button is NOT an Apple site.

99b75e5c585248ef9ba3a259c841718e

13 REPLIES 13

mm2270
Legendary Contributor III

Haha. So obvious its a scam with the horrible half English verbiage. Love that squished Apple logo too - nice touch!
Honestly, this is why these people will always be scammers and never amount to anything. They can't even bother to learn enough of a language to make a convincing phishing scam, which means they are just dolts.

Clean
New Contributor II

I've been getting these periodically and it's always good for a laugh.

I forward each one to reportphishing@apple.com.

davidacland
Honored Contributor II

We get these quite often, pretty annoying but not much Apple can do about it really.

brad
Contributor

I just started getting these a week or two ago. The first one was an announcement of iOS 8.1.4. @Chris.Ball Thanks for posting that, certainly can't hurt to send them Apple's way.

jreinstedler
New Contributor III

Just got one of these today. Wondering if GSX may have been pwned... the email address they sent it to was a specially crafted one used ONLY for GSX, and yet I got the email there. Links resolve to "http://icloudappie.com". Nice.

Simmo
Contributor II

I've been getting a few of these just recently also.

donmontalvo
Esteemed Contributor III

Yea, not sure how these scammers got all our GSX addresses...

https://gsxapp.apple.com/WebApp/resourcesarticle.htm?documentid=SN2573&locale=en_US
9ea64d1ca5dd42cb8d1308d3fdf2180e

--
https://donmontalvo.com

freddie_cox
Contributor III

Just an FYI - If you had any e-mail accounts that were currently deactivated, it looks like those accounts might now be gone out of your account portal as part of this.

Damien
New Contributor

I got this 5 minutes after actually emailing Apple about re-activating my account ( due to inactivity )

e6770042180d44fbb03568f1cc56b006

Kaltsas
Contributor III

I've been getting these for a few weeks, the non secure, non apple web addresses have been an easy identifier for me (but I've seen so many phishing scams I'm always skeptical of any email that asks me to log in). Though there have been a few that had addresses that almost looked like a legit apple web address. This email address is only used for GSX and Apple's Discussion Board. I had assumed they trawled the discussion board profiles for addresses, not sure how else they would have obtained a not very public service address for me.

adamcodega
Valued Contributor

If you need to reactivate a disabled GSX account, like if it was disabled for inactivity or for extra security during the phishing uptick, you'll need to search for the account in GSX. It won't show up when you click People > Users.

If you do a search under the People section and enter the disabled account's email address, it will appear and you can unlock it easily.

blackholemac
Valued Contributor III

I hate to reawaken this old thread, but I'm getting annoyed at this today! I can see right through these, but they keep coming in and our techs keep asking about them. Instructed folks not to respond to any GSX emails without checking with me first. I have notified Apple numerous times. I'm not seeing much else I can do about them. Does anyone have suggestions beyond that on how to deal with these that you use in your organization ?

talkingmoose
Moderator
Moderator

Not much Apple can do about the spam at this point.

The string "GSX" is fairly unusual and not something you'd find in daily mail conversations.

  1. If you find the spammers are using GSX either in the subject line or body of the message and
  2. The message isn't coming from *.apple.com or a specific address and
  3. You have control over your mail server filters...

You might consider appending a POTENTIAL SPAM warning to the message before delivery.

Keep in mind your filter would catch Jamf Nation and similar messages from other legitimate sources, so be careful.