slesski

Q: Phishing Attack?

Hi,

 

I received the following email purporting to be from Apple (iTunes). I haven't purchased anything from iTunes for a considerable time so not sure whether my account has been hacked or this is a phishing attack. If the latter, then of course I'll ignore. If the former, then I will check my bank account for any unusual transactions (none currently showing). Of note, this is the second email I have received since activating my iTunes account on new laptop - I have Kaspersky installed which is notifying me there are no threats on my laptop, but it is unusual that I have only received these since installing iTunes. No other phishing attacks from other sources have been received. Many thanks, in advance, for your advice.

 

The email was sent from do-not-reply@apple.

 

 

Billed To: *******
Order ID: ******
Receipt Date: 08/09/14
Order Total: GBP 20.99
Billed To: Store Credit

 

 

 

Item | Developer | Type | Unit Price
BlindSquare ***** | MIPsoft | In-App Purchase | GBP 20.99
Order Total: GBP 20.99

 

If you initiated this download, you can disregard this email.
It was only sent to alert you in case you did not initiate the download yourself.
If you did not initiate this download, we recommend that you go to iTunes Payment Cancellation Form to change your password, then See Apple ID:
Tips for protecting the security of your account for further assistance.

How to resume Payment Cancellation Form iTunes Store downloads

*****


iTunes
You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies

 

 

 

*****
Apple respects your privacy
Information regarding your personal information can be viewed at *****
This is not a VAT notice. Copyright 2014 iTunes S.r.l. *****

 

 

<Edited By Host>

Windows 8

Posted on Sep 8, 2014 11:56 AM

  • by Ralph Landry1,

    Ralph Landry1 Sep 8, 2014 5:52 AM in response to slesski
    Level 8 (41,782 points)

    There have been a number of phishing attacks for almost a year now... Apple has posted a page on how to respond: http://www.apple.com/legal/more-resources/phishing/ and information on identifying: http://support.apple.com/kb/HT4399 so check those out. Sometimes the invoices come after a long delay in my experience so check back to see if this matches a purchase you made some months ago, also.

  • by Ralph Landry1,

    Ralph Landry1 Sep 8, 2014 5:53 AM in response to slesski
    Level 8 (41,782 points)

    That second link should have been http://support.apple.com/kb/HT4933 - magic fingers strike again.

  • by slesski,

    slesski slesski Sep 8, 2014 6:09 AM in response to Ralph Landry1
    Level 1 (0 points)

    Thank you.  I had previously read the information that Apple supply on phishing attacks and having worked in fraud prevention for many years, thought it prudent to double check and of course, report this continued problem that Apple are experiencing and share with as you may want to use this as a phishing example similar to how banks advise customers.

     

    As I mentioned, I haven't purchased anything for a considerable amount of time (probably 2 / 3 years), so will assume that this is a "genuine" phishing attack, not a "genuine" iTunes email. Such a shame Apple's invoices take so long though as you alluded to, it means that people won't know for a while whether they've been compromised or not. Perhaps something to suggest to the people in the Apple world, i.e. prompter billing?

     

    Thanks for your prompt response and attention.

    Slesski.

  • by John Galt,

    John Galt John Galt Sep 8, 2014 8:44 AM in response to slesski
    Level 9 (50,424 points)
    Mac OS X

    It's a genuine phishing attempt. Anyone can create one of them and send them to any number of the hundreds of millions of iTunes account holders. All that is required for them is your email address, which you should regard as personal information. It's not a good idea to divulge it in any public forum, including this one. I'll ask this site's Hosts to delete or obscure yours.

     

    It is also possible for criminals to obtain email addresses in wholesale quantities using any number of means, including malicious hacking, theft, phishing, bribery, or through the use of automated random address generators. The possibilities are endless.

     

    The "report a problem" link does not belong to Apple.

     

    Disregard the email.

  • by stevejobsfan0123, Helpful

    stevejobsfan0123 stevejobsfan0123 Sep 8, 2014 8:43 AM in response to slesski
    Level 8 (44,007 points)
    iPhone

    The cancel link goes to pineywoodsfriends.org and not apple.com so that's proof right there that it's a phishing attempt. Forward the email to reportphishing@apple.com. In the future, whenever you get an email supposedly from Apple that requires you to take action on "their" website, go to apple.com directly rather than clicking the link.
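
The check described in the post above (compare where each link really points with the domain the email claims to come from), as an added example that is not part of the original thread. The HTML body is constructed; only the host pineywoodsfriends.org and the HT4933 URL come from the thread, and all function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "apple.com"  # domain the message claims to come from

# Constructed sample body; only pineywoodsfriends.org and the HT4933 URL are from the thread.
SAMPLE_HTML = """
<p>Go to <a href="http://pineywoodsfriends.org/">iTunes Payment Cancellation Form</a>
then see <a href="http://support.apple.com/kb/HT4933">Apple ID: Tips</a>.</p>
<a href="http://apple.com.example.invalid/">Terms of Sale</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the host is the trusted domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Compare the parsed host by suffix; a substring test would accept look-alikes.
    return host == trusted or host.endswith("." + trusted)

def suspicious_links(html, trusted=TRUSTED_DOMAIN):
    """Return (link text, real host) for every link that leaves the trusted domain."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, urlsplit(href).hostname)
            for text, href in parser.links if not host_is_trusted(href, trusted)]

if __name__ == "__main__":
    for text, host in suspicious_links(SAMPLE_HTML):
        print(f"{text!r} -> {host}")
```

The visible link text plays no part in the decision; only the parsed host of the `href` is compared.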

  • by John Galt,

    John Galt John Galt Sep 8, 2014 8:50 AM in response to stevejobsfan0123
    Level 9 (50,424 points)
    Mac OS X

    That's a good catch SJF. I didn't check all the links.

     

    [Screenshot: Screen Shot 2014-09-08 at 11.46.12 AM.png]

     

    Fortunately Safari's Fraudulent Site warning flags it:

     

    [Screenshot: Screen Shot 2014-09-08 at 11.49.13 AM.png]

  • by slesski,

    slesski slesski Sep 8, 2014 8:49 AM in response to John Galt
    Level 1 (0 points)

    John, thank you!! My MAJOR ERROR in providing email address, when copying the email, I made an assumption that this was a "closed community".  If it can be obfuscated, that would be much appreciated, but probably too late now.  DOH!!!  Now I will be phished.

  • by John Galt,

    John Galt John Galt Sep 8, 2014 8:51 AM in response to slesski
    Level 9 (50,424 points)
    Mac OS X

    No worries. Once reported, this site's Hosts jump on them very quickly.

  • by Chris CA,

    Chris CA Chris CA Sep 8, 2014 8:52 AM in response to slesski
    Level 9 (79,677 points)
    iTunes

    slesski wrote:

     

    John, thank you!! My MAJOR ERROR in providing email address, when copying the email, I made an assumption that this was a "closed community".  If it can be obfuscated, that would be much appreciated, but probably too late now.  DOH!!!  Now I will be phished.

    I have sent email to mods to remove info in your post

  • by stevejobsfan0123,

    stevejobsfan0123 stevejobsfan0123 Sep 8, 2014 8:53 AM in response to John Galt
    Level 8 (44,007 points)
    iPhone

    I reported it too so they'll jump on it twice as fast

  • by slesski,

    slesski slesski Sep 8, 2014 8:56 AM in response to slesski
    Level 1 (0 points)

    John, do you know who I can contact to get details obfuscated? Thank you.

  • by John Galt,

    John Galt John Galt Sep 8, 2014 9:06 AM in response to slesski
    Level 9 (50,424 points)
    Mac OS X

    It will be deleted any minute now (edit... done).

     

    These phishing attempts are getting better. This is what loads if you click the "cancel" link and ignore Safari's warning about it:

     

    [Screenshot: Screen Shot 2014-09-08 at 11.56.01 AM.png]

     

    It's quite good, and contains everything needed to effectively steal your identity and drain your bank accounts. It's no wonder that iCloud selfies captivated the hyperventilating "news" media recently.

     

    Mother's maiden name... really?

  • by Kilgore-Trout,

    Kilgore-Trout Kilgore-Trout Sep 8, 2014 9:05 AM in response to John Galt
    Level 7 (32,679 points)
    iPad

    One of the best I've seen thus far.

  • by Chris CA, Helpful

    Chris CA Chris CA Sep 8, 2014 9:44 AM in response to stevejobsfan0123
    Level 9 (79,677 points)
    iTunes

    I reported the hotlinks (copied when pasted from original phishing email) but they are still there.
