Pages

Saturday, January 10, 2015

Phishing Email - Apple Sent You an iTunes Gift

Subject: Apple Sent You an iTunes Gift  You can redeem this gift on your iPad, iPhone, iPod touch, or on your computer using iTunes. Once you redeem your gift and verify your Apple ID, you will be credited with $25 and can purchase the latest music, apps, and more

If you receive this crafty email similar to below, then it beware it's probably a phishing email attempt that is recently going around. What to do?  Report them now,

Action > Report the Phishing URL to Google now, click this link
  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=monolithi.com

How to tell this is a Phishing email ?

  1. Is email is from you to you, then it's phishing.
  2. Hover over all links in email, if it's not from the apple.com site then forget it.
    Reading email in Outlook generated pop-up "Click to follow link"

    In above example, the Redeem Now button, which links to spam site monolithi.com.

  3. The best way is to look at message source, see below.


How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.

For this phony email, well look at the top 25 lines of the message, known formally as the "message header".





Invalid return-path:

At
 line 23 you have Return-Path: hosting.windows@aruba.it
and is suspect because domain was registered in Italy (
.it) and nothing to do with Apple.

Aruba.it is being investigate for a Paypal phishing and has reported links to Italian Mafia.


These are valid return-paths for Apple 

  • Return-Path: do_not_reply@apple.com 
  • Return-Path: bounces@insideicloud.icloud.com 

Why look at "Return-Path"? When the e-mail is put in the recipient's mailbox, a new mail header is created with the name "Return-Path:" containing the address on the MAIL FROM command. So it's a quick hit to determine authenticity.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report Phishing URLs monolithi.com at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=monolithi.com

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

No comments:

Post a Comment