Apple ID Scam: Part 3 - Your Apple ID is on Hold

Sunday, October 25. 2015

One of my honey traps got one interesting one. Typiacally the junk is 419 scams, and with all the variations, twists and quirks, they offer very little worth reporting. I have written posts about Apple ID scams earlier, part 1 and part 2.

This is how the "roper" is trying to lure me in. He chose to impersonate the CEO of Apple Inc, Mr. Cook. Really believable, IMHO. :-)

Here goes:

Dear Customer,

We have detected an unauthorized sign in on your Apple ID (me@my.mail)

We have temporarily locked your Apple ID for your safety.
While your Apple ID is locked access to Apple software and your iCloud is limited.

In order to unlock your Apple ID Account please click here.


Privacy

Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay. And we continue to make improvements. Two-step verification, which we encourage all our customers to use, in addition to protecting your Apple ID account information, now also protects all of the data you store and keep up to date with iCloud.

We believe in telling you up front exactly what's going to happen to your personal information and asking for your permission before you share it with us. And if you change your mind later, we make it easy to stop sharing with us. Every Apple product is designed around those principles. When we do ask to use your data, it's to provide you with a better user experience.


Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn't come easy. That's why we have and always will work as hard as we can to earn and keep it.

Tim Cook
CEO, Apple Inc.

Sure, it could have been true. It could be possible, that my Apple ID was put into hold because somebody attempted to hack it, but it wasn't.

Findings:

  • The Apple logo in the HTML-version of the e-mail was loading from http://i.imgur.com/zGVkgD1.png. I don't think Apple corporation would do that.
  • The link to unlock pointed into http://support.apple.com.en-gb.confirm.id.auth.cgi-key.myapple-unlock.web.user.<THIS-PART-REMOVED>.com, which really doesn't sound something that Apple would use.
    • Actually, at the time of writing, entire domain was removed. It's not available, no DNS, no nothing.
  • The domain was registered via Todaynic.com, Inc. That is a Chinese domain-company. Really! I'm sure Apple wouldn't use them.
  • Registrant for the domain was a private person, allegedly living in Beijing, China.
  • The e-mail has following route:
    1. Original client at Suddenlink Communications DHCP-pool. IP has location of Greenwood, Mississippi, USA
    2. Mail relay via Power DNN of Omaha, Nebraska, USA
    3. Google Mail
    4. Me
  • Mail route doesn't make any sense. All my real Apple e-mail originates from Apple directly, not via obscure teleoperators.

I think that's plenty of proof to call that one a fake! :-)

by Jari Turkia in Security at 17:27 | Comments (0) | Share in LinkedIn

Comments
Display comments as (Linear | Threaded)

No comments


Add Comment
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

Submitted comments will be subject to moderation before being displayed.

Calendar

Mon Tue Wed Thu Fri Sat Sun
Back November '24 Forward
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Quicksearch

Archives

Categories

RSS feeds of this Blog

Blog Administration

Open login screen

Powered by

Parts of this serendipity template are by Abdussamad Abdurrazzaq and Jari Turkia. License