I just got an e-mail message supposedly from “Apple ID” that said it was confirming an Apple iTunes purchase. It had a PDF that had a receipt with a bunch of items I had never heard of. I then clicked on the “Apple ID” sender and saw that it had a random e-mail address. I deleted the e-mail, but I’m wondering whether I might have done something risky by opening the PDF on my iPhone. Should I do anything more?
Sounds like Phising to me.
They want you to enter your credentials. If you didn’t do that, I think there would near-zero risk.
Okay, thanks!
There have been numerous exploits found in Adobe’s PDF readers over the years. A really amazing number. Adobe has gotten better and if your reader is up to date (or better yet non-Adobe), then you’re better off. (But never 100% secure, of course.)
Sending a PDF that tries one of these exploits is still attempted once in a while.
Don’t ever click on a PDF link from a less than 100% trusted source.
I suggest you update your anti-virus software and run a scan now. Just in case.
How does one do that on an iPhone?
Apple doesn’t use Adobe’s PDF reader on the iPhone…
I get these all the time. Yesterday I got the “Your Apple ID was suspended” version of the email. Last week, I get the “Your ID is automatically locked” version of the email. If you opened it up on your iPhone, you should be okay. I don’t know of any known current PDF exploits on that. (There are reports of security holes in the past, but I can’t find anything current.)
Seems to be an uptick in this kind of phishing attempt lately; almost every day I get a “receipt” for some purchase I have made either from iTunes or amazon. This morning’s mail brought me the receipt for renewal of Pandora, which is a neat trick since I don’t subscribe.
All total crap, of course.
Yeah, I got two days ago the “suspicious activity on your Apple Account - Click here to verify your account details”.
I would believe it more, maybe, if they had used good grammar.