Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

iTunes email scam?

I just received an emailed "receipt" for over $400 in iTunes purchases that I never made. I don't see these charges on my actual iTunes account - but should I be concerned? Or is this just a pure scam? Should I delete the email and forget about it? Or is it something to cause concern..?

Any advice would be appreciated...

MacBook Pro, Mac OS X (10.6.4)

Posted on Oct 1, 2010 7:33 AM

Reply
40 replies

Jan 10, 2017 5:35 PM in response to Oregon Bill

I just got the same thing. I checked my account. I wasnt charged $400. The email is well crafted though. It looked like this:

+Billed To:+
jegal @scensational.com

+Order Number: 2693448+
+Receipt Date: 01/10/10+
+Order Total: $066.99+
+Billed To: Store Credit+

+Item Number Description Unit Price+

+1 Whatever You Like [Digital 45]+
+Write a Review Report a Problem $402.99+

+Subtotal: $218.99+
+Tax: $0.00+
+Order Total: $099.99+

+Please retain for your records.+
+Please See Below For Terms And Conditions Pertaining To This Order.+

+Apple Inc.+
+You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies+

+Answers to frequently asked questions regarding the iTunes Store can be found at http://www.apple.com/support/itunes/store/ +

+Account Information • Purchase History+

+Apple respects your privacy.+
+Information regarding your personal information can be viewed at http://www.apple.com/legal/privacy/+

+Copyright © 2008 Apple Inc. All rights reserved+

The email was very well crafted, it looked exactly like an iTunes email receipt, but every link went to a site:
http : // jytjvrsw[.]jerks/
I added the “.jerks” to invalidate the url so no one clicks on it. It redirected me to a site that started loading FLASH! A dead giveaway that you are NOT looking at an Apple Inc website is that it contains FLASH!!!

I double checked that I had not been charged $400 and I noticed that that email that is listed as “charged to” is not mine. Not even close. It did scare me for about 60 seconds though.

BE WARNED!! And be careful out there everyone!

<Edited by Host>

Jan 10, 2017 5:37 PM in response to Oregon Bill

It's a phishing scam. I've received several of these today to one of my e-mail addresses that would never be used for any online purchases. Although it looks real, hold your cursor over any of the links and (in this one at least) they all go to http : // iuhyoagt[.]info, which WHOIS reports is:

Cloud Nine Work Group - C9WG

305, Habitat Cedar Apt. Kodigehalli
Thindlu Main Road, Thindlu,
Bangalore, Karnataka 560097
India

Just a few weeks ago I went through a similar set of e-mails (almost 50), all to this same e-mail address) about bogus purchases from Amazon.com.

<Link Edited by Host>

Oct 1, 2010 8:09 AM in response to prettymeangirl

They must be mass spamming these out.
I don’t know how to do it myself, but it is possible to fake a ”sent from” email address. It is probably hidden in the code of the email header itself.
I did foolishly click on a link before I just hovered over it to see the strange preview of the link pop up. I didn’t let the flash page load…

I also unplugged and rebooted my router so that I could get a new IP address by reconnecting to the servers (sometimes it pays NOT to have a static IP). That way if the email was able to report back to the makers, they won’t have access to my computer.

Oct 1, 2010 8:12 AM in response to prettymeangirl

prettymeangirl wrote:
And what the heck was the point of that anyway? April Fools?

I am sure that if you go to that page that the email links to, and if that page loads, it would ask you sign in.
Then they have your password and Apple ID, then they have access to your credit card.

And then, they take a vacation with your money….

Jerks….

Oct 1, 2010 8:19 AM in response to Oregon Bill

I don't know how the creator of the e-mail got the official do-not-reply@itunes.com address either, but it's a virus or worm from some guy in Australia. If you clicked on any of the links you will infect your computer. I tried to find an e-mail address to contact Apple, but apparently Apple doesn't want general support e-mail. I hope they monitor these discussions and figure out how to stop the guy.

Oct 1, 2010 8:25 AM in response to Oregon Bill

Users are receiving these at work, don't know how many yet, just starting to run intel on the domains: -- (DON'T CLICK ON THE LINK FOLKS) -
1. Listed more than once in the email
<http://xoohvkae(DOT)info>
2. Listed in the detail email header - and likely forged...
roberto-bravo.tenet.odessa.ua [195.138.71.247
Delete, don't click. Our particular system is flagging these as SPAM.

iTunes email scam?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.