Tuesday, 30 December 2014

Apple Account phishing

Overnight there's been a big Apple phishing push, no doubt timed for Apple based Christmas presents
that people have received.

Lots of different From addresses and Subjects.

Sample Message headers:
From: "Apple Org" {support@apple.cm}
Subject: Account temporarily suspended - action required

From: "AppleID Support" {support@apple.cm}
Subject: Your Apple account requires verification

From: "Your Apple support" {zonaprieta@moldran.com}
Subject: Account information expired

From: "Apple Co" {skearney@packeteer.com}
Subject: Account deactivated - action required

From: "Apple Org" {support@apple.cm}
Subject: Account information update required

From: "Apple support" {mclean@libtrade.com}
Subject: Your account information needs to be updated

From: "AppleID Support" {angie.gonzalez@investrmi.com}
Subject: Billing information update required

From: "Apple Ltd" {support@apple.cm}
Subject: Please update your account details

From: "Apple Co" {webmaster@sbcglobal.net}
Subject: Please confirm your billing details

From: "AppleID Support" {support@apple.cm}
Subject: Apple account verification required

From: "Your Apple support" {support@apple.cm}
Subject: Please update your account details

From: "Your Apple support" {support@apple.cm}
Subject: Billing information expired

From: "Apple Org" {enji_murata@jedstock.com}
Subject: Billing information update required

From: "Your Apple support" {support@apple.cm}
Subject: Account verification failed

From: "Apple SarL" {support@apple.cm}
Subject: Please confirm your account details

Sample Message body:
Dear customer,
It has come to our attention that the Billing Information associated with your account are out of date. To maintain account safety and to ensure that the account is in the right hands it is required for you to update your Billing information.
Failure to update your records within 7 days will result in account termination.
Click on the reference link below and update your billing information on the following page to complete account verification:
Thanks,
Apple Customer Support

The above link to Apple site, doesn't take you there but instead takes you to a fake phishing site:
h t t p://authorize-icloud DOT com/uk/index.html
The fake phishing site above looks like this:

Cheers,

Steve
Sanesecurity.com

1 comment:

Anonymous said...

New one received today - tries to take you to:
http://appleidsecurity.co.uk

Whois says only setup/registered this morning

Domain name:
appleidsecurity.co.uk

Registrant:
Sarah Harris

Registrant type:
Unknown

Registrant's address:
381 Wimbledon Park Road
Lodnon
Greater London
SW19 6PE
United Kingdom