Sunday, 4 January 2015

Apple account suspended or Apple account deactivated phishing

Apple account suspended, iCloud Account verification failed or Apple account deactivated phishing run.
using, and

The Apple phishing emails,which were reported on the blog earlier, are the same... just using different

Lots of different From addresses and Subjects.

Sample Message headers:
From: "Apple Org" {}
Subject: Account temporarily suspended - action required

From: "AppleID Support" {}
Subject: Your Apple account requires verification

From: "Your Apple support" {}
Subject: Account information expired

From: "Apple Co" {}
Subject: Account deactivated - action required

From: "Apple Org" {}
Subject: Account information update required

From: "Apple support" {}
Subject: Your account information needs to be updated

From: "AppleID Support" {}
Subject: Billing information update required

From: "Apple Ltd" {}
Subject: Please update your account details

From: "Apple Co" {}
Subject: Please confirm your billing details

From: "AppleID Support" {}
Subject: Apple account verification required

From: "Your Apple support" {}
Subject: Please update your account details

From: "Your Apple support" {}
Subject: Billing information expired

From: "Apple Org" {}
Subject: Billing information update required

From: "Your Apple support" {}
Subject: Account verification failed

From: "Apple SarL" {}
Subject: Please confirm your account details

From: Apple Co }}
Subject: iCloud Account verification failed

Sample Message body:
Dear customer,
It has come to our attention that the Billing Information associated with your account are out of date. To maintain account safety and to ensure that the account is in the right hands it is required for you to update your Billing information.
Failure to update your records within 7 days will result in account termination.
Click on the reference link below and update your billing information on the following page to complete account verification:
Apple Customer Support

The above link to Apple site, doesn't take you there but instead takes you to a fake phishing site:
The fake phishing site above looks like this:
The fake apple domain was recently set-up, details here:
Registry Domain ID: 1893957567_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2015-01-04T15:37:30Z
Creation Date: 2015-01-04T05:12:30Z
Registrar Registration Expiration Date: 2016-01-04T05:12:30Z
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +44.7546458118
Domain Status: clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Dawid Nowak
Registrant Organization: 
Registrant Street: 531 HOOVER STREET
Registrant City: Napa
Registrant State/Province: California
Registrant Postal Code: 94559
Registrant Country: US
Registrant Phone: +1.4850649783
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email:
The fake phishing site will also ask you to hand over your credit card details too....


No comments: