Wednesday, 28 January 2015

phishing: Apple Account Suspended www1-apple.com

Alert Summary:

"Apple Account Suspended" phishing emails that link to www1-apple.com and claim: "Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt."

Sample Message headers:
From: Apple {do_not_reply@eur.apple.com}
Subject: Apple Account Suspended - Apple.com
Sample Message body:

This is an automated message, please do not reply.

Dear Αpple Custοmer,

Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt.

Whilst yοur accοunt is lοcked yοu will be unable tο use services such as the Αpp Stοre / iΤunes store and usage of iClοud will be limited.

To unlοck your accοunt we need you to update your accοunt infοrmatiοn.

Click the following link to update the infοrmatiοn on your accοunt.
Update now >
The reasοn we sent yοu this email is because ΑppΙe takes security very seriοusly and we need tο ensure that we have the mοst up tο date infοrmatiοn οn file fοr οur custοmers tο prevent unauthοrised use.

It may just be that yοur payment methοd has expired or your accοunt infοrmatiοn is incomplete.
In οrder to avοid yοur accοunt being permanently clοsed we require yοu tο update yοur infοrmation within 24 hοurs οf this email being sent.

If you have already validated your account within the last 48 hours then you do not have to do anything, simply ignore this message.
ΑppΙe Suppοrt

Case Ref: 481,077-00-30-8

The link above does not take you to the Apple site; instead it takes you to a fake phishing site:
http://tiny.cc/ty73sx
The above URL redirector site takes you to this domain:
http://www1-apple.com/signin?sslchannel=true

At first glance, the fake phishing site looks like the genuine apple.com, but look closely: www1-apple.com

The fake Apple domain was recently set up; details here:
Domain Name: WWW1-APPLE.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: RS133.REGISTRAR-SERVERS.COM
Name Server: RS33.REGISTRAR-SERVERS.COM
Updated Date: 26-jan-2015
Creation Date: 26-jan-2015
Expiration Date: 26-jan-2016

Domain Name: WWW1-APPLE.COM
Registry Domain ID: 
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-01-26T22:21:54Z
Creation Date: 2015-01-26T22:21:53Z
Registrar Registration Expiration Date: 2016-01-26T22:21:53Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
Domain Status: clientTransferProhibited
Registry Registrant ID: 
Registrant Name: David Ayeni
Registrant Organization: N/A
Registrant Street: 132 Victoria Road   
Registrant City: London
Registrant State/Province: London
Registrant Postal Code: RM1 2NX
Registrant Country: GB
Registrant Phone: +44.02039483949
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: davidayeni823@gmail.com
The fake phishing site will also ask you to hand over your credit card details.
Cheers,

Steve
Sanesecurity.com
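
Checks a mail filter or analyst could run on this sample, as an added example that is not part of the original post: it flags words that mix Latin letters with look-alike letters from another script, hosts that use the brand name outside apple.com, and a domain registered only days before the mail was seen. The function names and the constructed sample strings are assumptions for illustration.

```python
import unicodedata
from datetime import date, datetime
from urllib.parse import urlsplit

# Constructed samples modelled on the message above; the greeting is written
# with escapes for Greek capital Alpha (U+0391) and small omicron (U+03BF).
SAMPLE_BODY = "Dear \u0391pple Cust\u03bfmer,"
SAMPLE_WHOIS = "Domain Name: WWW1-APPLE.COM\nCreation Date: 26-jan-2015\n"

def script_of(ch):
    """Coarse script name taken from the Unicode character name (LATIN, GREEK, ...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def mixed_script_words(text):
    """Return (word, scripts) for words whose letters span more than one script."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits

def is_brand_lookalike(url, brand="apple", official=("apple.com",)):
    """True if the host mentions the brand but is not an official domain or subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in official):
        return False
    return brand in host

def domain_age_days(whois_text, seen_on):
    """Days between the WHOIS 'Creation Date' and the date the mail was seen."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "creation date":
            continue
        for fmt in ("%d-%b-%Y", "%Y-%m-%dT%H:%M:%SZ"):  # both styles in the record
            try:
                return (seen_on - datetime.strptime(value.strip(), fmt).date()).days
            except ValueError:
                continue
    return None  # no parsable creation date

if __name__ == "__main__":
    print(mixed_script_words(SAMPLE_BODY))
    print(is_brand_lookalike("http://www1-apple.com/signin?sslchannel=true"))
    print(domain_age_days(SAMPLE_WHOIS, date(2015, 1, 28)))
```
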

2 comments:

Anonymous said...

Thanks for this! I was tempted to verify everything. You've saved me a lot of hassle, and very possibly a lot of money. x

Anonymous said...

I just received an email confirming a purchase with www1-apple.com. It even sounded like something I might have purchased, but did not!! Be very careful!!
Mark