Fraudulent Apple ID notification spamming Irish emails

Posted on by ESET Ireland

appleID

ESET Ireland warns of another scam making the rounds in Ireland. A fraudulent notification of a purchase made via Apple ID results in cybercriminals collecting log-in passwords.

While the concept of fake notifications is nothing new, cybercriminals keep coming up with new variations on the old scam. This time the email message, that is being spammed to Irish email addresses, claims your Apple ID has been used for an App Store purchase and that you should “reset your password” if you didn’t make the purchase. The full message reads:

Subject: Your recent download with your Apple ID

From: Apple appxxx@apple-store-co.com

Your Apple ID was just used to download Defender of the Crown from the App Store on a computer or device that had not previously been associated with that Apple ID.

Order Number: RDCSWA281OD
Order total: 12.21 £

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iTunes Payment Cancellation Form to change your password, then

See Apple ID: Tips for protecting the security of your account for further assistance.

Regards,
Apple

Because the victim, of course, didn’t make any purchase, they are lead to believe someone abused their Apple ID and they click on the suggested link to change their password. But the link leads to a faked iTunes site, which harvests passwords, so that the cybercriminals can then actually log into the victim’s account and abuse it.

This scam is clever in that it already acknowledges that people are becoming increasingly suspicious of online fraud and incorporates this into its own scamming strategy. ESET Ireland recommends that every such “confirmation email” you may receive, is treated with scepticism and clicking any links within it should be avoided, as in most cases they lead to faked websites, which may not only harvest your passwords but also try to infect you with drive-by malware.

by Urban Schrott, ESET Ireland

6 thoughts on “Fraudulent Apple ID notification spamming Irish emails

  1. I have a similar e-mail . It wqs addressed from my e-mail address to my e-mailaddress and the subject was Your Apple ID was just used to download Photoshop Touch…” I had not downladed it; in fact I wouldn’t know how to! It invited me to reset my Apple ID. I’m suspicious it is a scam. Please can anyone advise?

    Reply

    1. All such requests should be ignored and flagged as spam. If you’re unsure, just log into your Apple account and check for any such “notifications” there, rather than clicking any link sent in an email.

      Reply

  2. Yes, this has happened to me twice this week. This time it says that the purchase was made in Spain. When I hover the pointer over the iforgot.apple.com link, the actual site if for coreyscorner.com (whatever that is, I don’t even want to try). But when I type iforgot.apple.com manually into Chrome it send me to the Spanish speaking version of the site. Has someone hacked my Apple ID? I don’t even use it. And why would anyone want to purchase something on my account, unless the scammers think I’ll be greedy and try to claim the item as my own…

    Reply

    1. They have not hacked into your account, but want to lure you into clicking on their links and hand over your log-in details there. To check what purchase, if any, was actually made, just log in directly into your Apple account and there you’ll likely see they scammers just made it up.

      Reply

Leave a comment