Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Bitcoin Extortion Scam/Spam | Main | Apple-Branded Telephone Scam »

May 07, 2018

Elaborate iTunes Store Receipt Scam

So many crooks are lazy, even the phishers who want to trick you into giving up your login credentials to valuable accounts. But the latest iTunes account credentials grifter created a nearly believable and sophisticated-looking email message designed (as is so often the case) to accomplish two things:

  1. Raise your blood pressure by tricking you into thinking someone has already hacked your account and ordered stuff you don't know about.
  2. Trick you into clicking a link whose destination will prompt you to enter your Apple ID and password

Your Apple ID can be pretty valuable, especially if you have preloaded your account with money of your own or gift cards. A determined crook can use your ID to get to other personal information, try to reset your email address and/or password, and even order stuff from the Apple Store (hardware goodies) shipped to them as a gift.

Without further ado, here is the phishing email that caught my attention:

iTunes Receipt Phishing email

Adrenalin-pumped recipients may overlook the grammar and spelling mistakes out of fear for either being charged for stuff they didn't buy or that their iTunes or Apple Pay account may have been hacked. Neither is true, of course, and you can look at your list of purchased items in your iTunes account to prove it to yourself. Additionally, legitimate iTunes receipts never include a "Cancellation Order" link—getting a refund is a royal pain.

But the clincher, as shown in the image above by rolling the cursor atop one of the links, is that the links do not point to apple.com. On a touchscreen device, tap and hold your finger atop a link until the URL pops up for preview.

So, it's important not to freak out while your blood pressure rises with these kinds of scams. Take your time, study the message, and, whatever you do, don't click on any link or attachment.

Posted on May 07, 2018 at 08:56 PM