Friday, May 22, 2015

Phishing Email - You sent a iTunes Gift Card $50

Recently the  "You sent a iTunes Gift Card $50 CAD" email has come in many flavors, and if it matches the items below, then there a good chance it's phishing email. But I walk you through how to tell for sure. This crafty email has been making it's way through the big 3 email (google/outlook/yahoo) email spam filters.

What to do? 
Report them, hover over the Click here To Cancel This Transaction link (in your email) and match the URL and click on the match link to report them as phishing to Google.

Report Phishing
 URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=youtubewom.com

You sent a iTunes Gift Card $50 CAD to (slowdawn12@msn.co.ok) Thanks for using iTunes. To see all the transaction details, log in to your Apple account. (Order Number:115757250)

22 May 2015 02:01:11 BST

Transaction ID: 4V929066CK353413N
You sent a iTunes Gift Card $50 CAD to (slowdawn12@msn.co.ok)
Thanks for using iTunes. To see all the transaction details, log in to your Apple account.


Seller
eBay Checkout
Note to seller
iTunes Code (Email Delivery)
Address Email - NO confirmed


Dispatch details
The seller hasnt provided any dispatch details yet.


DescriptionUnit priceQtyAmount
Click here To Cancel This Transaction
iTunes Gift Card Number 331027592910
$50 CAD1$50 CAD
Postage and packaging50 CAD
Insurance - not offered----
Total$50 CAD






How to tell this is a Phishing email ?


  1. Is email is from you to you, then it's phishing.
  2. Hover over all links in email, if it's not from the apple.com site then forget it.

    In above example, all the links and source images seem to be from Apple website except the Click here To Cancel This Transaction link.

    You can test this
     in the above example, since I crafted that from source HTML of the phishing email. Try it, hover over links to examine the source URL. Note: I have re-coded Click here To Cancel This Transaction to report youtubewom.com as phishing site to Google.

    In the original phishing email, hovering over Click here To Cancel This Transaction pointed to spam site youtubeworm.com. 


    Reading email in Outlook 2013 generated pop-up "Click to follow link"

Report Phishing URLs at Google now 

If you have recieved this email take further action now by click the link below. Hover over the Click here To Cancel This Transaction link and match the URL and click on the match link to report them as phishing to Google.

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=youtubewom.com

If you don't see your URL here add a comment below.

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

2 comments:

  1. What happens if I clicked the link? What should I do?

    ReplyDelete
    Replies
    1. Most likely you'll be infected with a trojan/virus/malware or any one of the above. I would recommend do a full scan of your computer with Kapersky, here's a link to their free online scan - http://www.kaspersky.com/free-virus-scan

      Delete