Sunday, December 14, 2014

Phishing Email - No Confirmed - iTunes Gift Card $100 to

Sample Phishing Email - No Confirmed - iTunes Gift Card $100 to ...

If you receive an email like the one below, beware: it is a phishing attempt that has been circulating recently. What to do? Report it; see the bottom of the page.

Action > Report the Phishing URL to Google now, click this link
  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=itunesgoold.com



 
Subject : No Confirmed - iTunes Gift Card $100 to (robertfrost@outlook.com) Your receipt No.59999999 Your receipt No.1133944444
PayPal logo
11 DEC 2014 02:01:11 BST
Transaction ID: 4V999966CK3888N
 
You sent a $100 iTunes Gift Card to (robertfrost@outlook.com)
Thanks for using iTunes Store. To see all the transaction details, log in to your Apple account.

It may take a few moments for this transaction to appear in your account.


 
Seller
Apple Canada
Note to seller
$100 iTunes Code (email delivery)
Shipping address - NO confirmed
Dispatch details
The seller hasnt provided any dispatch details yet.
 
Description
Unit price
Qty
Amount
$100 CAD
1
$100 CAD
 
Postage and packaging
$100 CAD
Insurance - not offered
----
Total
$100 CAD

How to tell this is a phishing email?


  1. If the email appears to be from you to you (your own address in both From and To), treat it as phishing: the sender address has been spoofed.
  2. Hover over every link in the email. If the real destination is not on the apple.com site, forget it.
    Reading the email in Outlook generates a pop-up "Click to follow link" that shows the real URL.

    In the example above, all the links and image sources appear to be from the Apple website except the iforgot.apple.com link.

    You can test this in the example above, since I crafted it from the source HTML of the phishing email. Hover over the links to examine the destination URL. Note: I have re-coded the iforgot.apple.com link to report itunesgoold.com to Google as a phishing site.

    In the original phishing email, hovering over iforgot.apple.com pointed to the spam site itunesgoold.com. The visible text of a link and where it actually goes are independent: a link that reads iforgot.apple.com should point to http://iforgot.apple.com, and anything else means the link is lying.


  3. The best way is to look at the message source, in particular the headers; see below.


How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com -> Actions -> View Message Source.
  2. Gmail.com -> More (down arrow at top right) -> Show original.

For this phony email we'll look at the top 25 lines of the message, the message headers. The headers added by your own provider's servers (the topmost Received lines, Return-Path, Authentication-Results) are the one part of the message the sender cannot dress up.





Invalid Return-Path:

At line 23 you have Return-Path: hosting.windows@aruba.it, which is suspect because the domain belongs to an Italian (.it) hosting provider and has nothing to do with Apple.

Aruba.it is a large Italian web-hosting provider, and hosting-provider mailboxes are a common source of phishing (PayPal lures included): whoever sent this set the bounce address to an account there, not to anything at Apple.


These are valid Return-Paths seen on genuine Apple mail:

  • Return-Path: do_not_reply@apple.com
  • Return-Path: bounces@insideicloud.icloud.com

Why look at "Return-Path"? When the receiving mail server delivers the message to the recipient's mailbox, it adds a header named "Return-Path:" containing the address given on the SMTP MAIL FROM command (the envelope sender, where bounces go). The sender chooses that address too, so it can be faked, but phishers rarely bother to make it match the brand they imitate, which makes it a quick check of authenticity. Two caveats: legitimate senders often use a separate bounce domain (Apple's insideicloud.icloud.com above), so compare against the domains you know the brand uses rather than demanding an exact match with the From address; and the MAIL FROM domain is what SPF checks, so the nearby Authentication-Results header will usually tell you whether the sending server was even allowed to use it.
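The two checks above, hovering over every link (point 2 in the list) and comparing the Return-Path with the domains the brand is known to use, can be automated over the raw message source. The script below is an added example, not code from the original post: it parses a constructed sample message modelled on the one shown (the header values, 203.0.113.10 address and itunesgoold.com link are illustrative), treats apple.com as the claimed brand, and takes its list of genuine Apple bounce domains from the two Return-Paths listed in this post.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message in the post: the headers,
# addresses and the itunesgoold.com link are illustrative, not a capture.
SAMPLE_EML = """\
Return-Path: <hosting.windows@aruba.it>
Received: from mail.example.net (mail.example.net [203.0.113.10]) by mx.example.org with ESMTP; Thu, 11 Dec 2014 02:01:11 +0000
From: "Apple" <do_not_reply@apple.com>
To: robertfrost@outlook.com
Subject: No Confirmed - iTunes Gift Card $100
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for using iTunes Store. To see all the transaction details,
<a href="https://www.apple.com/">log in to your Apple account</a>.</p>
<p>Forgot your password? <a href="http://itunesgoold.com/login">iforgot.apple.com</a></p>
</body></html>
"""

# Bounce domains the post lists as genuine for Apple; extend per brand.
KNOWN_BOUNCE_DOMAINS = {"apple.com": {"apple.com", "insideicloud.icloud.com"}}

# Link text that itself looks like a hostname or URL.
HOSTLIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)


def domain_of(addr):
    """Lowercase domain of an address like '"Apple" <x@apple.com>', or ''."""
    return parseaddr(str(addr or ""))[1].rpartition("@")[2].lower()


def same_org(host, brand):
    """True if host is brand or a subdomain of it (www.apple.com -> apple.com)."""
    host, brand = host.lower(), brand.lower()
    return host == brand or host.endswith("." + brand)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html, brand):
    """The hover test, automated: flag links that leave the brand's site and
    links whose visible text names one host while the href goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not same_org(host, brand):
            findings.append(f"off-brand link: {href}")
        if HOSTLIKE.match(text):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if shown.lower() != host:
                findings.append(f"link text says {shown} but href goes to {host}")
    return findings


def check_return_path(msg, brand):
    """Compare header From and the envelope sender (Return-Path) against the
    domains the brand is known to use; a known separate bounce domain is fine."""
    findings = []
    from_dom = domain_of(msg["From"])
    if not same_org(from_dom, brand):
        findings.append(f"From domain {from_dom} is not {brand}")
    rp_dom = domain_of(msg["Return-Path"])
    allowed = KNOWN_BOUNCE_DOMAINS.get(brand, {brand})
    if rp_dom and not any(same_org(rp_dom, d) for d in allowed):
        findings.append(f"Return-Path domain {rp_dom} is not a known {brand} bounce domain")
    return findings


def analyse(raw_message, brand="apple.com"):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = check_return_path(msg, brand)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content(), brand)
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EML):
        print("SUSPECT:", finding)
```

Run against the sample it reports three things: the aruba.it Return-Path, the off-brand itunesgoold.com link, and the mismatch between that link's text and its real host; the genuine www.apple.com link passes. Swapping the Return-Path for bounces@insideicloud.icloud.com clears the header finding, which is the point of keeping a per-brand list of known bounce domains instead of insisting that Return-Path equal the From domain.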


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report the phishing URL itunesgoold.com to Google now

If you have received this email, take further action now by clicking this link:

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=itunesgoold.com

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx
