There is currently an email being distributed that reads Unauthorised iTunes Purchase.
The interesting point about this one is the phishing URL. It is a pass through/ redirect from a genuine Google URL https://www.google.com/url?gc=PAH96di-ZUnHVlY&q=%68%74tp%3a%2f%2Fdl6.c1l%2eus%2FSb7ouez&sa=D&usg=AFQjCNEQ84I8qa2xYHVEKwXmJMrXG0_GhA which bounces via another url http://dl6.c1l.us/Sb7ouez to end up on http://18.104.22.168/datacare/login/auth/dc347f94af30dff3ce1efd53f335d0e7/low_aa/
I had no idea that you could use google, especially a HTTPS (secure site) link to pass through to a phishing or any other site. Almost anybody seeing a google link will think that it is safe
Obviously this is a big security risk that Google servers allow this sort of divert or pass through and it needs to be plugged
There are more details on this misuse of the google search open redirect “vulnerability” on Stop Malvertising
The site asks for your Apple ID and password, then sends you to a page saying
My Apple ID
It looks like someone used your data to make unverified purchase.
We need to be sure that you’re real holder of this account and match the information you will provide us now with the information in our databases. Please make sure your information is correct before submitting it to us or it may cause further delays.
Then wants you to fill in the form to give them your Name, address, Date of Birth, Credit card details, Mobile phone number etc. Everything they need to take over your identity in the virtual world as well as clear out all your bank and credit card accounts
It will then bounce you to the correct Apple page