Thursday, 22 January 2015

Apple ID Locked - Apple.com

Alert Summary:

Phishing emails with the subject "Apple ID Locked - Apple.com" claim: "Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt."

Sample Message headers:
From: Apple {do_not_reply@eur.apple.com}
Subject: Apple ID Locked - Apple.com
Date: Thu, 22 Jan 2015 11:57:25 GMT
Sample Message body:

Dear Mr Basford,
Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt.

Whilst yοur accοunt is lοcked yοu will be unable tο use services such as the App Stοre / iΤunes store and usage of ΑppΙe iClοud will be limited.

To remove the lοck you just need to update some of your accοunt infοrmatiοn.

Click the following link to update the infοrmatiοn on your accοunt.
Update now >
The reasοn we sent yοu this email is because ΑppΙe takes security very seriοusly and we need tο ensure that we have the mοst up tο date infοrmatiοn οn file fοr οur custοmers tο prevent unauthοrised use. It may simply be that yοur payment methοd has expired or your accοunt infοrmatiοn is incomplete.
In οrder to avοid yοur accοunt being permanently clοsed we require yοu tο update yοur infοrmation within 24 hοurs οf this email being sent.
ΑppΙe Suppοrt

The link above appears to go to Apple's site, but instead takes you to a fake phishing site:
http://tiny.cc/appleid-apple
Currently this redirects to:
http://appleid.apple.com-idmswebauth-login.html-appidkey.account-restoration.net/
The fake phishing site above looks like this:
The fake Apple domain was set up recently; details here:
 Domain Name: ACCOUNT-RESTORATION.NET
   Registrar: GODADDY.COM, LLC
   Sponsoring Registrar IANA ID: 146
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS43.DOMAINCONTROL.COM
   Name Server: NS44.DOMAINCONTROL.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 21-jan-2015
   Creation Date: 03-jan-2015
   Expiration Date: 03-jan-2016
Registry Domain ID: 1893834442_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-01-21T22:32:53Z
Creation Date: 2015-01-03T01:06:58Z
Registrar Registration Expiration Date: 2016-01-03T01:06:58Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Registry Registrant ID: 
Registrant Name: Martin Fillmore
Registrant Organization: 
Registrant Street: Top Floor Flat
Registrant Street: 14 Oaklands Grove
Registrant City: London
Registrant State/Province: 
Registrant Postal Code: W12 0JA
Registrant Country: United Kingdom
Registrant Phone: +44.7455959484
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: martinfillmore@gmail.com
The fake phishing site will also ask you to hand over your credit card details.
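Two checks a mail filter could run against this sample, as an added example that is not part of the original post: flag words that mix Latin letters with look-alike Greek or Cyrillic ones, and flag a hostname that contains a brand domain without belonging to it. The function names and the constructed sample strings are assumptions made for the illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed samples: one line of the message body with the look-alike
# letters written as escapes (U+03BF is Greek small omicron), and the
# redirect target quoted in the post.
SAMPLE_LINE = ("Due t\u03bf a pr\u03bfblem with s\u03bfme of your "
               "acc\u03bfunt inf\u03bfrmati\u03bfn")
SAMPLE_URL = ("http://appleid.apple.com-idmswebauth-login.html-appidkey."
              "account-restoration.net/")

def script_of(ch):
    """Coarse script of a letter, read from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "GREEK", "CYRILLIC"):
        if name.startswith(script):
            return script
    return None

def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()} - {None}
        if len(scripts) > 1:
            hits.append(word)
    return hits

def brand_in_foreign_host(url, brand_domain):
    """True if brand_domain appears in the hostname although the host is
    neither brand_domain itself nor one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == brand_domain or host.endswith("." + brand_domain):
        return False
    return brand_domain in host

if __name__ == "__main__":
    print(mixed_script_words(SAMPLE_LINE))
    print(brand_in_foreign_host(SAMPLE_URL, "apple.com"))
```

Text written entirely in one script, including genuine Greek, is not flagged; only words that mix scripts are.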
Cheers,

Steve
Sanesecurity.com
