Saturday, 7 March 2015

Your Apple account recently made a fraudulent payment

Alert Summary:

Your Apple account recently made a fraudulent payment phishing emails

Sample Message headers:
Subject: Aplle Verification required
Subject: Apple action required
Subject: Apple ID action required
Subject: Apple new warning
Subject: Apple payment fraud alert
Subject: Apple temporary locked
Subject: Fraud alert on iCloud
Subject: iCloud account locked
Subject: iCloud action required
Subject: iCloud fraud alert
Subject: iCloud ID action required
Subject: iCloud new warning
Subject: iCloud temporary locked
Subject: New Warning on Apple
Subject: New warning on iCloud
Subject: Verify your Apple account
Subject: Verify your Apple ID
Subject: Verify your iCloud account
Subject: Verify your iCloud ID

From: "Apple Co."
From: "Apple Ltd."
From: "Apple Org."
From: "Apple SarL"
From: "Apple support"
From: "AppleID Support"
From: "CloudID Support"
From: "iCloud Co."
From: "Icloud Ltd."
From: "iCloud Org."
From: "iCloud SarL"
From: "iCloud support"
From: "iCloud Support"
From: "Your Apple support"
Sample Message body:

Dear client
Your Apple account recently made a fraudulent  payment .
To reverse this payment you must verify your account

Verify Now

Why you received this email.

Apple request verification whenever a fraudulent payment has been made .

If you didn't make this change or if you believe an unauthorized person is attempting to access your account, you can reset your password by going to appleverificationfor-uk.com/verifyuknow My Apple ID

Apple Support

 The Url to the fake site is:
appleverificationfor-uk.com/verifyuknow

The fake phishing site above looks like this:
The fake apple domain was recently set-up, details here:
Domain Name: APPLEVERIFICATIONFOR-UK.COM
Registry Domain ID: 1907324668_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tldregistrarsolutions.com
Registrar URL: http://www.tldregistrarsolutions.com
Updated Date: 2015-03-06T18:43:04Z
Creation Date: 2015-03-05T17:23:29Z
Registrar Registration Expiration Date: 2016-03-05T17:23:29Z
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564
Registrar Abuse Contact Email: abuse@tldregistrarsolutions.com
Registrar Abuse Contact Phone: +44.2034357312
Reseller: 
Registry Registrant ID: 
Registrant Name: Danuta Kowalska
Registrant Organization: 
Registrant Street: 10 sezam street
Registrant City: ny
Registrant State/Province: 
Registrant Postal Code: 82819
Registrant Country: US
Registrant Phone: +1.3328189192
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: danuta-kowalska88@wp.pl
Registry Admin ID: 
Admin Name: Danuta Kowalska
Admin Organization: 
Admin Street: 10 sezam street
Admin City: ny
Admin State/Province: 
Admin Postal Code: 82819
Admin Country: US
Admin Phone: +1.3328189192
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: danuta-kowalska88@wp.pl
The fake phishing site will also ask you to hand over your credit card details too....
Cheers,

Steve
Sanesecurity.com

No comments: