Lots of different From addresses and Subjects.
Sample Message headers:
Subject: Account deactivated - action required
Subject: Account verification failed
Subject: Account verification required
Subject: Billing information expired
Subject: iCloud Account verification failed
Subject: Please confirm your billing details
Subject: Please update your account details
Subject: Your Apple account requires verification
From: "Apple Co" {grand.hotel@maine207.org}
From: "Apple Ltd" {michaell@investrmi.com}
From: "Apple Org" {aig@stockton-house.com}
From: "Apple Org" {alice@city.woodstock.on.ca}
From: "Apple SarL" {support@apple.cm}
From: "Apple support" {support@apple.cm}
From: "AppleID Support" {support@apple.cm}
From: "Your Apple support" {noc@stockton-house.com}
From: "Your Apple support" {vburke@investmarkfinancial.com}
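The sample From headers above show two patterns a mail filter can check: an "Apple" display name on an unrelated domain, and the lookalike domain apple.cm. The sketch below is an added example, not Sanesecurity's own signature logic; the allow-list of genuine domains and the control address are assumptions.

```python
import re
from email.utils import parseaddr

BRAND = "apple"
# Assumption: sender domains treated as genuine; adjust to your own allow-list.
LEGIT_DOMAINS = ("apple.com", "icloud.com")

# From values taken from the samples above (the page shows the address in
# braces), plus one constructed control that should pass.
SAMPLE_FROM = [
    '"Apple Co" {grand.hotel@maine207.org}',
    '"Apple SarL" {support@apple.cm}',
    '"AppleID Support" {support@apple.cm}',
    '"Your Apple support" {noc@stockton-house.com}',
    '"Apple News" {news@email.apple.com}',  # constructed control
]

def classify_from(value):
    """Return (verdict, sender_domain) for one From header value."""
    display, addr = parseaddr(value.replace("{", "<").replace("}", ">"))
    domain = addr.rpartition("@")[2].lower()
    # Does the display name claim to be the brand ("Apple", "AppleID")?
    if not re.search(r"\b" + BRAND + r"(id)?\b", display, re.I):
        return ("no-brand-claim", domain)
    if domain in LEGIT_DOMAINS or domain.endswith(tuple("." + d for d in LEGIT_DOMAINS)):
        return ("ok", domain)
    # Brand name used as a label of a domain outside the allow-list, e.g. apple.cm
    if BRAND in domain.split("."):
        return ("lookalike-domain", domain)
    # Brand only in the display name; the address is an unrelated domain
    return ("display-name-spoof", domain)

def triage(values):
    """Group sender domains by verdict."""
    out = {}
    for v in values:
        verdict, domain = classify_from(v)
        out.setdefault(verdict, []).append(domain)
    return out

if __name__ == "__main__":
    for verdict, domains in triage(SAMPLE_FROM).items():
        print(verdict, sorted(set(domains)))
```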
Sample Message body:
Dear Apple User,
We are constantly working to increase security for all our users, and to ensure maximum account security we periodically check and review accounts.
Your account has be placed on restricted status as we were unable to verify some of the billing information associated with your account. This can be due to either of the following reasons:
1. A recent change in billing information
2. Invalid billing information entered intially during the registration process.
Please note that we are obligated to deactivate accounts that are not verified withing 3 days.
In order to complete account verification, please visit the reference link below to update your billing information:
Thanks,
Apple Online Accounts Support
The above link appears to go to the Apple site, but it doesn't take you there; instead it takes you to a fake phishing site:
The fake phishing site above looks like this:
http://uk-authorize-icloud.com/
http://uk-authorize-apple.com/
The fake Apple domain was recently set up; details here:
The fake phishing site will also ask you to hand over your credit card details.
Domain Name: UK-AUTHORIZE-APPLE.COM
Registrar: TLD REGISTRAR SOLUTIONS LTD
Sponsoring Registrar IANA ID: 1564
Whois Server: whois.tldregistrarsolutions.com
Referral URL: http://www.tldregistrarsolutions.com
Name Server: NS-CANADA.TOPDNS.COM
Name Server: NS-UK.TOPDNS.COM
Name Server: NS-USA.TOPDNS.COM
Status: clientTransferProhibited
Updated Date: 08-jan-2015
Creation Date: 07-jan-2015
Expiration Date: 07-jan-2016

Domain Name: UK-AUTHORIZE-APPLE.COM
Registry Domain ID: 1894514293_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tldregistrarsolutions.com
Registrar URL: http://www.tldregistrarsolutions.com
Updated Date: 2015-01-08T19:20:30Z
Creation Date: 2015-01-07T18:12:24Z
Registrar Registration Expiration Date: 2016-01-07T18:12:24Z
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564
Registrar Abuse Contact Email: abuse@tldregistrarsolutions.com
Registrar Abuse Contact Phone: +44.7546458118
Registry Registrant ID:
Registrant Name: Marcin Wozniak
Registrant Organization:
Registrant Street: 212 HOOVER STREET
Registrant City: Napa
Registrant State/Province: California
Registrant Postal Code: 94559
Registrant Country: US
Registrant Phone: +1.324710248
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: wozniak-marcin91@wp.pl
Cheers,
Steve
Sanesecurity.com
1 comment:
Just received the mail myself. Nice work, saved me going through all the message body contents :)