iTunes phishing emails

iTunes phishing emails

The Jennifer Lawrence leaking of pictures online due to a compromised iCloud account has put Apple in the spotlight in recent months.

Figure A is a sample of a phishing email that was blocked by our email filters yesterday afternoon. The volume of emails similar to this suggests that a new iTunes phishing campaign was initiated yesterday.

The email warns the recipient of unusual activity, and a potential compromise of their iTunes account. A link is provided to enable the user to update their details including changing their password.

Account suspension is the outcome if the recipient fails to update their details within 48 hours. The email therefore is urging the recipient to take action as soon as possible.

The site address given looks legitimate, but mousing over it shows that it does not link back to an Apple site. Rather, it links to a phishing site. The site is realistic enough, but it is designed to extract the recipient’s personal information, such as credit card details and login credentials.

This email has a few indications that it is a phish. The grammar of the first sentence is clumsy. The email also is imploring the user to click on the link and confirm their details by stating that “If this is not done in 48 hours, we will be forced suspend your account,”. The comma at the end of the statement is another giveaway.

Probably the biggest giveaway, however, is that the email is not personalised. Organisations will always personalise an email to you; this email does not even bother with a “dear customer”.

Apple has posted a guide to checking on whether an email is a phishing attempt. The most critical part of course is to not click on links. Apple also states that:

“The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.”

If you do receive this email, delete it.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service