Previous 1 2 3 Next 32 Replies Latest reply: Feb 24, 2013 10:44 PM by Kim Carvajal
Oregon Bill Level 1 Level 1 (0 points)
I just received an emailed "receipt" for over $400 in iTunes purchases that I never made. I don't see these charges on my actual iTunes account - but should I be concerned? Or is this just a pure scam? Should I delete the email and forget about it? Or is it something to cause concern..?

Any advice would be appreciated...

MacBook Pro, Mac OS X (10.6.4)
  • Erich Meatleg Level 2 Level 2 (170 points)
    I just got the same thing. I checked my account. I wasnt charged $400. The email is well crafted though. It looked like this:

    +Billed To:+

    +Order Number: 2693448+
    +Receipt Date: 01/10/10+
    +Order Total: $066.99+
    +Billed To: Store Credit+

    +Item Number Description Unit Price+

    +1 Whatever You Like [Digital 45]+
    +Write a Review Report a Problem $402.99+

    +Subtotal: $218.99+
    +Tax: $0.00+
    +Order Total: $099.99+

    +Please retain for your records.+
    +Please See Below For Terms And Conditions Pertaining To This Order.+

    +Apple Inc.+
    +You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies+

    +Answers to frequently asked questions regarding the iTunes Store can be found at +

    +Account Information • Purchase History+

    +Apple respects your privacy.+
    +Information regarding your personal information can be viewed at

    +Copyright © 2008 Apple Inc. All rights reserved+

    The email was very well crafted, it looked exactly like an iTunes email receipt, but every link went to a site:
    I added the “.jerks” to invalidate the url so no one clicks on it. It redirected me to a site that started loading FLASH! A dead giveaway that you are NOT looking at an Apple Inc website is that it contains FLASH!!!

    I double checked that I had not been charged $400 and I noticed that that email that is listed as “charged to” is not mine. Not even close. It did scare me for about 60 seconds though.

    BE WARNED!! And be careful out there everyone!
  • prettymeangirl Level 1 Level 1 (0 points)
    Wow! That is the exact same email I got! Actually, I got two, then I knew it was a fake.

    The thing I want to know is, how do they get the official reply-to address? And what the heck was the point of that anyway? April Fools?
  • AllysonSCU Level 1 Level 1 (0 points)
    I have received several of these email "receipts" for things I have not purchased. So far my account has not been charged, but I am concerned nonetheless because the email appears to be from iTunes and the dollar amounts have been extremely high. Please advise.
  • Erich Meatleg Level 2 Level 2 (170 points)
    They must be mass spamming these out.
    I don’t know how to do it myself, but it is possible to fake a ”sent from” email address. It is probably hidden in the code of the email header itself.
    I did foolishly click on a link before I just hovered over it to see the strange preview of the link pop up. I didn’t let the flash page load…

    I also unplugged and rebooted my router so that I could get a new IP address by reconnecting to the servers (sometimes it pays NOT to have a static IP). That way if the email was able to report back to the makers, they won’t have access to my computer.
  • Erich Meatleg Level 2 Level 2 (170 points)
    prettymeangirl wrote:
    And what the heck was the point of that anyway? April Fools?

    I am sure that if you go to that page that the email links to, and if that page loads, it would ask you sign in.
    Then they have your password and Apple ID, then they have access to your credit card.

    And then, they take a vacation with your money….

  • Erich Meatleg Level 2 Level 2 (170 points)
    They aren’t real.
    Don’t click on the links.
    If you did, reboot your router so you have a new IP address.
    If you did, and you signed into something on the page that loaded, cancel the credit/debit cards on your iTunes account….
  • Chris CA Level 9 Level 9 (78,015 points)
    then they have access to your credit card.

    No they don't.
    If they get the password to your iTunes account, they could only charge stuff to iTunes.
    The full card number is not accessible (only the last 4 digits) when viewing your account info.
  • Doc1949 Level 1 Level 1 (0 points)
    I don't know how the creator of the e-mail got the official address either, but it's a virus or worm from some guy in Australia. If you clicked on any of the links you will infect your computer. I tried to find an e-mail address to contact Apple, but apparently Apple doesn't want general support e-mail. I hope they monitor these discussions and figure out how to stop the guy.
  • toad718 Level 1 Level 1 (0 points)
    you can forward any suspicious emails to apple -
  • wmrobin Level 1 Level 1 (0 points)
    Users are receiving these at work, don't know how many yet, just starting to run intel on the domains: -- (DON'T CLICK ON THE LINK FOLKS) -
    1. Listed more than once in the email
    2. Listed in the detail email header - and likely forged... [
    Delete, don't click. Our particular system is flagging these as SPAM.
  • Erich Meatleg Level 2 Level 2 (170 points)
    Ah, true. Good point. And a relief….
  • cmykphoto1 Level 1 Level 1 (0 points)
    I am getting the same emails - tons of them this morning. They are getting filtered as spam - but worried too. Glad to see I am not the only one and it does look like it's spam.

    Sent a message to the email another poster made... thanks!
  • Robert Houben Level 1 Level 1 (0 points)
    If you hover over the links in Microsoft Outlook, you will see where they really point. Mine all point to:

    Any correspondence that claims to come from one domain, but directs you to another bogus-looking one is almost certainly a scam!
  • Wayne Davis Level 1 Level 1 (5 points)
    It's a phishing scam. I've received several of these today to one of my e-mail addresses that would never be used for any online purchases. Although it looks real, hold your cursor over any of the links and (in this one at least) they all go to, which WHOIS reports is:

    Cloud Nine Work Group - C9WG

    305, Habitat Cedar Apt. Kodigehalli
    Thindlu Main Road, Thindlu,
    Bangalore, Karnataka 560097

    Just a few weeks ago I went through a similar set of e-mails (almost 50), all to this same e-mail address) about bogus purchases from
Previous 1 2 3 Next