Saturday, 7 March 2015

Your Apple account recently made a fraudulent payment

Alert Summary:

Your Apple account recently made a fraudulent payment phishing emails

Sample Message headers:
Subject: Aplle Verification required
Subject: Apple action required
Subject: Apple ID action required
Subject: Apple new warning
Subject: Apple payment fraud alert
Subject: Apple temporary locked
Subject: Fraud alert on iCloud
Subject: iCloud account locked
Subject: iCloud action required
Subject: iCloud fraud alert
Subject: iCloud ID action required
Subject: iCloud new warning
Subject: iCloud temporary locked
Subject: New Warning on Apple
Subject: New warning on iCloud
Subject: Verify your Apple account
Subject: Verify your Apple ID
Subject: Verify your iCloud account
Subject: Verify your iCloud ID

From: "Apple Co."
From: "Apple Ltd."
From: "Apple Org."
From: "Apple SarL"
From: "Apple support"
From: "AppleID Support"
From: "CloudID Support"
From: "iCloud Co."
From: "Icloud Ltd."
From: "iCloud Org."
From: "iCloud SarL"
From: "iCloud support"
From: "iCloud Support"
From: "Your Apple support"
Sample Message body:

Dear client
Your Apple account recently made a fraudulent  payment .
To reverse this payment you must verify your account

Verify Now

Why you received this email.

Apple request verification whenever a fraudulent payment has been made .

If you didn't make this change or if you believe an unauthorized person is attempting to access your account, you can reset your password by going to My Apple ID

Apple Support

 The Url to the fake site is:

The fake phishing site above looks like this:
The fake apple domain was recently set-up, details here:
Registry Domain ID: 1907324668_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2015-03-06T18:43:04Z
Creation Date: 2015-03-05T17:23:29Z
Registrar Registration Expiration Date: 2016-03-05T17:23:29Z
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +44.2034357312
Registry Registrant ID: 
Registrant Name: Danuta Kowalska
Registrant Organization: 
Registrant Street: 10 sezam street
Registrant City: ny
Registrant State/Province: 
Registrant Postal Code: 82819
Registrant Country: US
Registrant Phone: +1.3328189192
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email:
Registry Admin ID: 
Admin Name: Danuta Kowalska
Admin Organization: 
Admin Street: 10 sezam street
Admin City: ny
Admin State/Province: 
Admin Postal Code: 82819
Admin Country: US
Admin Phone: +1.3328189192
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email:
The fake phishing site will also ask you to hand over your credit card details too....


No comments: