I received an email today at about 9:37 AM EDT saying my Apple ID was disabled due to two unusual access events.
The email said the unusual access was at 2:37 PM TODAY (no time zone specified). Interestingly these attempts were 5 hours AFTER I received the email notice.
I guess this guy must have skipped the “Timezone-101” class in hacker school.
Sadly it looked reasonably official and some will click on the link that goes to a site that most likely asks for your password.
100% of the time you can avoid being “hacked” simply by verifying the “from” email address of this kind of email (I even recommend always verifying the “from” address, even if this field can be modified too, but I never found that kind of sophistication from most of these pro “hackers”).
I’ve seen some quite convincing phishing attempts lately. Some from Apple, but quite a few from various banks, most of which I’ve never used.
I tend to look at the email headers and see where the message actually came from. I then usually forward the message as an attachment to the abuse address for the network that it came from.
I’ve never received a response from one of those abuse notifications, but I keep sending them since I would imagine those IT firefighters are pretty busy and probably wouldn’t respond except in exceptional circumstances.
I’ve seen these emails sent from all of the big email providers’ servers, Google, Yahoo, Microsoft, and lesser known ones, as well as several university servers.
The only thing that seems to be more prolific these days is those annoying robocalls that rotate numbers in the same area code. I really wish Apple would get on board with my feedback plan to stop those for good, but they don’t appear to reply to feedback either.
On my home phone we have eliminated spam calls entirely with a simple IVR screener. Works great. It works so good I’ve thought about forwarding all my cell calls through it, but I don’t like the single point of failure for my phone comms.
Oh well. 1st world problems. Whatcha gonna do?
Yes lots of things can be spoofed but generally a “view source” on the email shows where it was sent from and it sometimes becomes clear that it is bogus. And of course the grammar problems are a hint.
Note to Kevin: What are you using for your IVR screener?
A while back I heard about a guy that built a “sort of” AI enabled IVR that would engage a telemarketer. It would do things like provide a voice in the background that was asking the person who answered the phone a question and they would say “Hang on just a second” then answer the interruption. It would then return to the call and say something like: “Sorry about the interruption, can you repeat what you just said?”. It would then do other things that were not specific like “OH sorry, that’s the door bell”. The whole attempt was to keep the caller on the phone as long as possible to waste their time.
Of course most of the calls today are automated so it would not work. But it sounds like a cool project.
Tri-tones on your answering machine. I’ve seen my junk calls drop by over 60% because the robocaller hears the tones and marks the number as not in service.
Since everyone I know that I really want to speak with has my cell #, it’s been a simple fix.
That’s nothing, a friend just got this email:
[quote]I greet you!
I have bad news for you.
11/28/2018 - on this day I hacked your operating system and got full access to your account XXXXXXXX[/quote]
We have a trio of “Honey Pot” accounts to do SPAM/SCAM comparative analysis. It’s so funny when those accounts receive these bitcoin demand emails. This past week, we’ve received the same “model” email in Kanji, Russian, Brazilian Portuguese, and Mexican Spanish. The funniest part is where they state that they have accessed the video camera and have recorded video of the account visiting a “special” site.
Ah well, if you send out 500,000 of these and 0.5% react …
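The header check that several posts above describe ("view source", compare the “from” address, find the sending network for an abuse report), as an added example that is not part of the original thread. The message, domains and IP address are constructed sample values, and `triage` and `domain_of` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: example.* domains and 203.0.113.7 are
# reserved documentation values, not indicators from a real campaign.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=brand.example
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.org with ESMTP; Wed, 28 Nov 2018 09:37:02 -0500
Received: from localhost (localhost [127.0.0.1])
\tby mailer.example.net; Wed, 28 Nov 2018 09:37:01 -0500
From: "Account Support" <id-support@brand.example>
To: user@example.org
Subject: Your account has been disabled

Body omitted.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])        # what the mail client displays
    env_dom = domain_of(msg["Return-Path"])  # envelope sender recorded at delivery
    # Verdicts written by the receiving server (assumed to be our own MX).
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    # The topmost Received header is added by our own server; anything
    # below it was supplied by the sender and can be forged.
    received = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    findings = []
    if env_dom and env_dom != from_dom:
        # A hint only: legitimate bulk senders often use a separate bounce domain.
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    if auth.get("dmarc") != "pass":
        findings.append(f"DMARC result for {from_dom}: {auth.get('dmarc', 'missing')}")
    return {"from_domain": from_dom, "envelope_domain": env_dom, "auth": auth,
            "source_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The `source_ip` value is the address to look up when finding the abuse contact for the sending network.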