Skip navigation

Is this Phishing or for real?

6742 Views 10 Replies Latest reply: May 27, 2011 7:35 AM by juju67 RSS
Mac MD Level 1 Level 1 (35 points)
Currently Being Moderated
Jul 5, 2010 2:11 PM
Received a message that looks like it came from the iTunes Store. I went to the iTunes Store, clicked on "Check for available Downloads", and entered my AppleID. It seems all media has already been downloaded. Has anyone else seen this? Is this just another Phishing Expedition? Lot of posts about hacked iTunes accounts these days. Thanks.
___________________
"Dear XXXXX,

Thank you for your recent video purchase on the iTunes Store.

You may have experienced a grey or black screen while viewing your purchased
video(s). Apple regrets any inconvenience caused by this issue and has placed a
new copy of your video purchase(s) in your download queue, free of charge. To
begin downloading, click this link:

https://phobos.apple.com/WebObjects/MZFinance.woa/wa/checkForPurchases

Alternately, you can open iTunes and choose Check for Available Downloads from
the Store menu.

Sincerely,

iTunes Store Customer Support
http://www.apple.com/support/itunes/ww"
MacBook Pro 2.66 GHz Core i7, Mac OS X (10.6.4)
  • Axel Foley Calculating status...
    Currently Being Moderated
    Jul 5, 2010 2:26 PM (in response to Mac MD)
    Mac:

    I have never received this type of an email however I checked out the link that you provided and it appears to be legitimate Apple iTunes Store related link.

    You are right though, the phishing emails that we get sound and look pretty much like the Apple email you copied and especially then it takes you to enter a username and a password.

    Axel F.
    MacBook Pro - 2GB RAM - Windows XP, Mac OS X (10.5.8)
  • varjak paw Level 10 Level 10 (167,195 points)
    Currently Being Moderated
    Jul 6, 2010 7:23 AM (in response to Mac MD)
    It's not a phish. But you can ensure that you won't be fooled if you follow the last sentence's advice and just use the "Check for Available Downloads" command in iTunes. Since that does only to the iTunes Store and obviously cannot be used to disguise a link to some bogus site, it's completely safe.

    Regards.
    iMac Core i7 8GB ATI Radeon 4850, Mac OS X (10.6.4), Also: iMac 2.8 Core 2 Duo 24", IPad 16GB WiFi, Dell w/ Windows 7, Win XP via VM
  • cdboehmer Calculating status...
    Currently Being Moderated
    Aug 23, 2010 1:58 PM (in response to Mac MD)
    Hi,
    I recieved an email from apple(at)access.com telleing me that I need to activate my account to prevent a deactivation. I'll post the email. Unfortunately I cklicked the link and entered my apple Id. I've tried to google if anybody else got a message like that but found nothing. I#ve changed my aplle Id Password.

    Can someone tell me if this email was phishing or a real apple email?

    ohh and it's in german, so hopefully someone can read it, or just check the link.

    ----------------------------

    Melden Sie sich bitte bei Ihrem Apple Account an, um dessen Deaktivierung zu vermeiden.


    Laut unseren Aufzeichnungen haben Sie Ihren Account seit 90 Tagen nicht mehr benutzt. Damit Ihr Account aktiviert bleibt, müssen Sie sich mindestens alle 90 Tage bei Ihrem Account anmelden.

    Um ein Wiederholen des Registrierungsvorgangs zu vermeiden, melden Sie sich bitte jetzt unter portal.apple.com bei an.


    Vielen Dank,
    Apple

    -----------------
    MacBook Pro 13"
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Aug 23, 2010 2:04 PM (in response to cdboehmer)
    I recieved an email from apple(at)access.com

    That was phishing.
    You immediately need to change your AppleID password and security questions here -> http://www.apple.com/contact/myinfo/
    I recommend you remove any Ccredit card info from iTunes.
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • turingtest2 Level 8 Level 8 (43,960 points)
    Currently Being Moderated
    Aug 23, 2010 2:08 PM (in response to varjak paw)
    I would add that although the text address copied is the correct address, the link in the email might have been spoofed to lead to an alternative password stealing site. I guess there is also the potential, however remote, for some form of traffic redirection. The safest thing is not to leave a credit card connected to your account.

    tt2
    Various PCs, Windows XP Pro, iPhone3GS 4.0.2, 160Gb 1.1.2/2.0.4, 30Gb 1.3, Nano 1.4 - iTunes 9.2.1.5
  • cdboehmer Level 1 Level 1 (0 points)
    Currently Being Moderated
    Aug 23, 2010 2:10 PM (in response to Chris CA)
    thanx for the quick response. I already changed my password and my secure question. got no creditcard information on itunes just click and buy.

    ****, you always think who falls for this, until it happens to yourself
    MacBook Pro 13"
  • Daniel Feldman Calculating status...
    Currently Being Moderated
    Feb 5, 2012 7:01 AM (in response to Mac MD)

    Howdy,

     

    I also did get a similar email to the 2nd one (cdboehmer's post) indicated in this , however, in my case, it was in English as it should be, and it is real. In my case, it was apparently a notification regarding Apples Sale's information, which I do only rarely log into and I do have an account with due to my affiliation with Apple.

     

    Of course, It's always good to be on the safe side, and ask if your not sure it's a a fake, say, here on these forums or where ever you can get some good advice, and remember, if you get an email with a 'link', instead, you can always type in a URL manually, instead of clicking on a link that may or may not take you to where it looks like it will take you, but could be a fake made to look like the real site to fake you out.

     

    Some applications also will show you the REAL underlying URL for the link, if you hover the mouse over the URL/link for a few seconds, and if it's not going to the right place but some other bogus web site, then it is most likely phishing/spam/UCE, etc...

     

    I was also able to validate in the email headers that it did come from Apple (although that too can be spoofed and could be lies).

     

    In this particular case, it's legit.

     


    The original and real email:
    ==============================================================
    From: access@apple.com
    Subject: First notification:your Apple account has been inactive

     

    Please log in to your Apple account to avoid deactivation

     

    Our records indicate that your account has been inactive for 90 days. To keep your account active, you need to log into your account at least once every 90 days.

     

    To avoid repeating the registration process, please log into at portal.apple.com
    (the link here is: https://portal.apple.com/, which is real.)

     

    Thank you,
    Apple
    ==============================================================

     


    Hope that helps,

     


    Cheers,

     


    Daniel Feldman
    =======================
    MacMind
    Certified Member of the
    Apple Consultants Network
    Apple Certified (ACHDS)
    <edited by host>
    =======================

    Multiple Macs
  • juju67 Calculating status...
    Currently Being Moderated
    May 27, 2011 7:12 AM (in response to Mac MD)

    Hello everybody,

     

    I just became an similar mail from access@apple.com. It's in french (my language). Here's it :

     

    Merci de vous connecter à votre compte Apple pour éviter sa désactivation

     


    Selon nos données, votre compte est inactif depuis 90 jours. Pour conserver votre compte, vous devez vous y connecter au moins une fois tous les 90 jours.


    Afin d'éviter de recommencer la procédure d'inscription, merci de vous connecter à l'adresse portal.apple.com

     


    Merci,
    Apple

     

    Then, you arrive on this <registration> webpage

     

     

    This is phishing. Do not continue. Put the mail in the trash.

     

    <Link with Personal Information Edited by Host>

  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    May 27, 2011 7:04 AM (in response to juju67)

    (note - This thread was from August 2010).

     

    If the email is really from Apple, it will be an Apple.com address as the actual link (not what is displayed, which can be different than the actual link).

     

    cdboehmer indicated the email he received was from apple @access.com.

    He may have mistyped as yours show access @apple.com

     

    Your email looks legitimate.

  • juju67 Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 27, 2011 7:35 AM (in response to Chris CA)

    Allright, but when I go on the link in the email, all the informations are not mine. How do you explain that?

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.