Fraudulent Apple ID Notification Spamming Irish Emails

By   ISBuzz Team
Writer , Information Security Buzz | May 13, 2014 01:04 am PST

ESET Ireland warns of another scam making the rounds in Ireland. A fraudulent notification of a purchase made via Apple ID results in cybercriminals collecting log-in passwords.

While the concept of fake notifications is nothing new, cybercriminals keep coming up with new variations on the old scam. This time the email message, that is being spammed to Irish email addresses, claims your Apple ID has been used for an App Store purchase and that you should “reset your password” if you didn’t make the purchase. The full message reads:

Subject: Your recent download with your Apple ID

From: Apple appxxx@apple-store-co.com

Your Apple ID was just used to download Defender of the Crown from the App Store on a computer or device that had not previously been associated with that Apple ID.

Order Number: RDCSWA281OD
Order total: 12.21 £

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iTunes Payment Cancellation Form to change your password, then

See Apple ID: Tips for protecting the security of your account for further assistance.

Regards,
Apple

Because the victim, of course, didn’t make any purchase, they are lead to believe someone abused their Apple ID and they click on the suggested link to change their password. But the link leads to a faked iTunes site, which harvests passwords, so that the cybercriminals can then actually log into the victim’s account and abuse it.

This scam is clever in that it already acknowledges that people are becoming increasingly suspicious of online fraud and incorporates this into its own scamming strategy. ESET Ireland recommends that every such “confirmation email” you may receive, is treated with scepticism and clicking any links within it should be avoided, as in most cases they lead to faked websites, which may not only harvest your passwords but also try to infect you with drive-by malware.

More info on latest threats: blog.eset.ie

About ESET

EST LogoESET technology will keep your hardware and software performing as it should. At ESET we have hundreds of people around the world working hard every day so your computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.

Subscribe
Notify of
guest
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

0
Would love your thoughts, please comment.x
()
x