You won't be fooled by hysterical phishing emails, but you know people who will

By William Gallagher

Once again there's a new iCloud phishing email that is so poorly done that AppleInsider readers will be able to spot it, but that will be shockingly effective on some people susceptible to its hysteria, its appalling grammar, and its blinding font choices.

Detail from an apparently hysterical but really much more sophisticated phishing attempt

You've been using Apple gear for long enough that if you don't happen to have had emails from the company, you at least know what they would be like. Or what they would not be like.

Apple does not use exclamation marks. It doesn't use one, it certainly doesn't use two in a row.

This is the company that is so obsessed with design that when its original Macs would crash, the machine would still display a Susan Kare icon of a bomb.

So when you get the email that's going around now, shrieking about iCloud space running out and "your photos and videos will be deleted!!", you're not fooled. You know it's a con, and the fact that it uses 14 different font faces does not change your mind.

But if you think the people sending it can't write, have no taste, and learnt design from a 1980s clipart manual, you're wrong. Every bit of this nonsense is planned and is there to do one of two extremely specific jobs.

First, the email has to get by Apple's junk mail filter. Neither Apple nor any other service provider will ever explain their junk filtering rules, but when you're a spammer sending out literally millions of these emails, you learn tricks.

One of those tricks does appear to be that mistyped words or malformed sentences help the email get through.

And once it's got through, the email has precisely one more job to do. It's got to get as many people as possible to click whatever link is in it.

The overwhelming majority of people who get the email will not fall for it, but the spammer doesn't care about them. They care about the tiny minority who will, if they can be persuaded by the email.

The full phishing email currently doing the rounds

Phishing emails are a con done at unimaginable scale. Millions upon millions of people are emailed, so even a small percentage of that is potentially a gigantic number of victims.

Plus sometimes we are primed to believe an email like this latest one claiming you're running out of iCloud space and all your precious family photos are at risk. We're primed because enough of us really are running out of iCloud space.

Now, this might speak to how Apple is positively miserly about the amount of iCloud space it provides for free. But it's again just a straight numbers game -- some people genuinely reach their limits and if you're emailing everyone, you're going to hit at least some of them.

It's still the case that Apple is tasteful, so if someone does near their limit, they get a clear notification on their device. They don't get 14 font faces and 8 colors.

But people are primed, people are unaware, and people get caught out. In a report that in truth didn't add up, Jamf claimed that 9% of mobile users -- across all devices, not just iPhones -- fell for phishing attacks in 2024, for instance.

It's not ever that people are foolish, it is always that the phishing is quite brilliantly well done. It is always the case that people phishing know both what they are doing, and how it won't fool more than a fraction of people.

Even you can well be fooled. You, an AppleInsider reader who knows that Apple hires teams of poets to write its emails instead of handing over crayons to children.

If it weren't true, then phishing would never work and it would stop instantly. Every time you see an email like this, remember that somehow, with some people, it is working extraordinarily effectively.

You can't stop the phishing and you can't warn the world. But you can look out for yourself, you can warn friends and family, and you can tell them how to spot a phishing attack.

For advice for you or them, advice on everything from phishing emails to spam calls, see the AppleInsider guide. And when you've spotted a suspicious email, you can forward it to reportphishing@apple.com, too.