Alert Summary:
Phishing: Apple Account Suspended. www1-apple.com phishing emails saying that "Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt."
Sample Message headers:
From: Apple {do_not_reply@eur.apple.com}
Subject: Apple Account Suspended - Apple.com
Sample Message body:
This is an automated message, please do not reply.
Dear Αpple Custοmer,
Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt.
Whilst yοur accοunt is lοcked yοu will be unable tο use services such as the Αpp Stοre / iΤunes store and usage of iClοud will be limited.
To unlοck your accοunt we need you to update your accοunt infοrmatiοn.
Click the following link to update the infοrmatiοn on your accοunt.
Update now >
The reasοn we sent yοu this email is because ΑppΙe takes security very seriοusly and we need tο ensure that we have the mοst up tο date infοrmatiοn οn file fοr οur custοmers tο prevent unauthοrised use.
It may just be that yοur payment methοd has expired or your accοunt infοrmatiοn is incomplete.
In οrder to avοid yοur accοunt being permanently clοsed we require yοu tο update yοur infοrmation within 24 hοurs οf this email being sent.
If you have already validated your account within the last 48 hours then you do not have to do anything, simply ignore this message.
ΑppΙe Suppοrt
Case Ref: 481,077-00-30-8
The above link to the Apple site doesn't take you there, but instead takes you to a fake phishing site:
The above URL redirector site takes you to this domain:
http://www1-apple.com/signin?sslchannel=true
The fake phishing site above looks like this:
At first glance, it looks like the genuine apple.com, but look closely...
www1-apple.com
The fake Apple domain was recently set up, details here:
Domain Name: WWW1-APPLE.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: RS133.REGISTRAR-SERVERS.COM
Name Server: RS33.REGISTRAR-SERVERS.COM
Updated Date: 26-jan-2015
Creation Date: 26-jan-2015
Expiration Date: 26-jan-2016
Domain Name: WWW1-APPLE.COM
Registry Domain ID:
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-01-26T22:21:54Z
Creation Date: 2015-01-26T22:21:53Z
Registrar Registration Expiration Date: 2016-01-26T22:21:53Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: David Ayeni
Registrant Organization: N/A
Registrant Street: 132 Victoria Road
Registrant City: London
Registrant State/Province: London
Registrant Postal Code: RM1 2NX
Registrant Country: GB
Registrant Phone: +44.02039483949
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: davidayeni823@gmail.com
The fake phishing site will also ask you to hand over your credit card details.
Cheers,
Steve
Sanesecurity.com
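A detection-side check for the two tells visible in this sample, as an added example that is not part of the original alert: a link host that contains "apple" but is not apple.com or a subdomain of it, and body words that mix Greek letters (ο, Α, Ι, Τ) into Latin text. The function names, the fold table and the constructed SAMPLE string are assumptions for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

BRAND_DOMAIN = "apple.com"  # domain the message claims to come from
BRAND_LABEL = "apple"       # brand string to look for in other hosts

# Greek letters seen in the sample body, mapped to the Latin letters they imitate
# (illustrative table, limited to this sample).
FOLD = str.maketrans({"\u03bf": "o", "\u0391": "A", "\u0399": "l", "\u03a4": "T"})

# Constructed sample: wording from the alert, Greek letters written as escapes.
SAMPLE = ("Dear \u0391pple Cust\u03bfmer, we have temp\u03bfrarily "
          "l\u03bfcked y\u03bfur acc\u03bfunt.")


def is_lookalike_host(url):
    """True if the host contains the brand but is not the brand domain or a subdomain."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    genuine = host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)
    return BRAND_LABEL in host and not genuine


def scripts_in(word):
    """Scripts used by the letters of a word, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word if ch.isalpha()}


def mixed_script_words(text):
    """Words that combine Latin letters with letters from another script."""
    words = (w.strip(".,:;!?") for w in text.split())
    return [w for w in words if "LATIN" in scripts_in(w) and len(scripts_in(w)) > 1]


def fold(text):
    """Replace the known lookalike letters so keyword rules see the intended text."""
    return text.translate(FOLD)


if __name__ == "__main__":
    print(is_lookalike_host("http://www1-apple.com/signin?sslchannel=true"))
    print(mixed_script_words(SAMPLE))
    print(fold(SAMPLE))
```

Run `fold()` before keyword or subject-line matching, and treat a non-empty `mixed_script_words()` result in an English-language message as a scoring signal rather than a verdict.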