March 25, 2010Phony Apple AppStore Order Confirmation
Some spam is more preposterous than others, yet it can often require a second look to see how bizarre a message is.
When I first saw this Subject: line in my inbox:
Subject: 25-757 Apple AppStore Order Confirmation
I didn't see the word "AppStore". Instead I figured it was some Apple Store lure to install malware or phish for my Apple ID credentials. Even though I'm an iPhone developer with apps in the real App Store, my eyes skipped over the critical word. Part of that may have come from my knowledge of the real communications that the App Store conveys to real customers: receipts for downloads. All purchases from the App Store are immediate, so there is no such thing as an order confirmation. Even the Apple Store doesn't send a "confirmation" per se. Instead, they send an "Order Acknowledgment".
Here's what the email message looked like:
The association between medz spammers and malware distributors has been shown to be close in the past. The malware can be used to harvest new email addresses that the Bad Guy can use to spam for medz, knockoff goods, and online "dating" sites. Whoever is behind this stuff is equally happy to sell medz and install malware — it all makes money either way.Posted on March 25, 2010 at 11:30 PM