Fake Email from AT

It is possible that this person has access to your email account that you use for your Apple ID credential.

If they do, they would ALSO get an email notification whe you change your Apple ID password -

Change your password to your EMAIL account - actually change every password for everywhere there are logins

OK

It appears that your badoo account was compromised

Nothing to do with your Apple ID

You can TRY to get badoo to help with that issue

Your badoo account had your phone number as a detail in the account information - if they were IN your account, then the badoo system assumed that they were YOU

The phishing attempt - Apple "purchase" that you did not make - was a good guess that you used the same email address for badoo as for your Apple ID

IF you are using a password ANYWHERE that was provided by the "criminal" you need to change it = NOW.

To secure your Apple ID - and any other "membership" that has this feature - you need to enable

Get a verification code and sign in with two-factor authentication - Apple Support

OR

Switch from two-step verification to two-factor authentication - Apple Support

Read these CAREFULLY - then take action

Pinucciore wrote:

Re: [info new statement] new notification updated, new statement and account updated, your account has changed password, 10 Nov 2018 [FWD] [MCD]

Apple support <***@kambinmabok .***>

A: support@apple.com

this is the mail

No possible way that this is APPLE

IF

indeed you changed your Apple ID password at

https://appleid.apple.com/account/manage

THEN

this person has your email account password so that they can access your email account INBOX to SEE the notification FROM Apple about the password change

OR

they are guessing

These are all from scammers and not from Apple. And, they do not know anything, they are just making things up hoping that you will believe them and give them access or information so they can steal from you. Just ignore.

Ah. Okay, that makes more sense.

The two fake emails are just that. Fakes with no connection to your account.

The one you received after changing the password was indeed from Apple. It's an automatically generated message to let the owner of the account know the password was changed. For the obvious reason if you didn't change it, you would want to be notified.

The message from Apple also should have also included a line that says something like, "Your account password was recently changed. If you are aware of this, you can disregard this message."

Now you've confused me again. Post screen shots of the two purported fake emails, and the one that is likely from Apple. Remove any personal information from the images before posting. Such as your personal email address. If they show, make sure we can see the return email addresses. Those will tell much about where they're from.

As Chitlins noted, the first is clearly not from Apple. Not with that return address. But, you already guessed that much.

The second is from Apple. As I noted earlier, it's nothing more than an automatically generated message to let the owner of the account know someone changed the password. You already know it was changed and the person who did it was you.

The person sending the fake messages from kambinmabok.biz knows nothing about the password change.

Anyone can send you an email as long as they have your address. Changing your password won't stop that.

Correcting my good friend Kurt's statement

The second APPEARS to be from Apple - BUT - "support" is not a mailbox account that Apple would use, especially regarding anything to do with Apple ID

Changes to your Apple ID would come from

Apple <appleid@id.apple.com>

I still believe that you need to tell us the story, from the beginning, in detail, every one.

The second APPEARS to be from Apple - BUT - "support" is not a mailbox account that Apple would use…

No, it's from Apple. What's in front of the @ symbol isn't part of the domain. In this case, it's apple.com, which can only be from Apple. If you do a whois on the address, it resolves to Apple.

Queried whois.internic.net with "dom apple.com"...

Domain Name: APPLE.COM

Registry Domain ID: 1225976_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.corporatedomains.com

Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html

Updated Date: 2017-07-06T03:10:21Z

Creation Date: 1987-02-19T05:00:00Z

Registry Expiry Date: 2021-02-20T05:00:00Z

Registrar: CSC Corporate Domains, Inc.

Registrar IANA ID: 299

Registrar Abuse Contact Email: domainabuse@cscglobal.com

Registrar Abuse Contact Phone: 8887802723

Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Name Server: A.NS.APPLE.COM

Name Server: B.NS.APPLE.COM

Name Server: C.NS.APPLE.COM

Name Server: D.NS.APPLE.COM

Name Server: E.NS.APPLE.COM

Name Server: F.NS.APPLE.COM

DNSSEC: unsigned

URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

>>> Last update of whois database: 2018-11-13T13:20:11Z <<<

Queried whois.corporatedomains.com with "apple.com"...

Domain Name: apple.com

Registry Domain ID: 1225976_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.corporatedomains.com

Registrar URL: www.cscprotectsbrands.com

Updated Date: 2018-09-27T20:53:12Z

Creation Date: 1987-02-19T05:00:00Z

Registrar Registration Expiration Date: 2021-02-20T05:00:00Z

Registrar: CSC CORPORATE DOMAINS, INC.

Registrar IANA ID: 299

Registrar Abuse Contact Email: domainabuse@cscglobal.com

Registrar Abuse Contact Phone: +1.8887802723

Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

Registry Registrant ID:

Registrant Name: Domain Administrator

Registrant Organization: Apple Inc.

Registrant Street: One Apple Park Way

Registrant City: Cupertino

Registrant State/Province: CA

Registrant Postal Code: 95014

Registrant Country: US

Registrant Phone: +1.4089961010

Registrant Phone Ext:

Registrant Fax: +1.4089741560

Registrant Fax Ext:

Registrant Email: domains@apple.com

Registry Admin ID:

Admin Name: Domain Administrator

Admin Organization: Apple Inc.

Admin Street: One Apple Park Way

Admin City: Cupertino

Admin State/Province: CA

Admin Postal Code: 95014

Admin Country: US

Admin Phone: +1.4089961010

Admin Phone Ext:

Admin Fax: +1.4089741560

Admin Fax Ext:

Admin Email: domains@apple.com

Registry Tech ID:

Tech Name: Domain Administrator

Tech Organization: Apple Inc.

Tech Street: One Apple Park Way

Tech City: Cupertino

Tech State/Province: CA

Tech Postal Code: 95014

Tech Country: US

Tech Phone: +1.4089961010

Tech Phone Ext:

Tech Fax: +1.4089741560

Tech Fax Ext:

Tech Email: apple-noc@apple.com

Name Server: a.ns.apple.com

Name Server: f.ns.apple.com

Name Server: e.ns.apple.com

Name Server: d.ns.apple.com

Name Server: c.ns.apple.com

Name Server: b.ns.apple.com

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2018-09-27T20:53:12Z <<<

Kurt Kurt Kurt...

"support" is not a mailbox that Apple would put in an email

ANYONE can type an email address to an "apparently" valid Apple email address -

when I simply type

support@apple.com

it looks like a real email address because it is FORMATTED CORRECTLY

The email would go NOWHERE (and MAY not even get a BOUNCE reply from apple.com)

All I'm saying is support@apple.com would only go to Apple, assuming it exists. What we don't know is if the address in the email read that way, but really went somewhere else when you click on the address, or hover over it to see where it really goes. We don't have that information.

Then we can do nothing but guess about the information you've provided. Your last post on who sent what said:

the problem is that was also a fake from the same person;

So far, that makes sense since you said you received two fake emails from the same person. But then you confuse that statement with:

that's why I am asking how did he know that i changed the pass

Then we're back to, "How does who know?" We can't read your mind. If it's nothing more than a genuine email from Apple informing you your password has been changed, then then the crook sent nothing and knows nothing about the password change.

Post just the sender's address on the one noting the password change.

Methinks "support" was included ONLY to present a false sense of security

Oh! I get what you're saying now. Yes, I've seen lots of those, too. Fake links in the scam email, along with some legitimate ones that serve no purpose other than to try and make the message seem more legitimate.