Email Phishing – Unauthorised iTunes Purchase

There is currently an email being distributed that reads Unauthorised iTunes Purchase.

The interesting point about this one is the phishing URL. It is a pass through/ redirect from a genuine Google URL https://www.google.com/url?gc=PAH96di-ZUnHVlY&q=%68%74tp%3a%2f%2Fdl6.c1l%2eus%2FSb7ouez&sa=D&usg=AFQjCNEQ84I8qa2xYHVEKwXmJMrXG0_GhA which bounces via another url http://dl6.c1l.us/Sb7ouez to end up on http://111.90.144.179/datacare/login/auth/dc347f94af30dff3ce1efd53f335d0e7/low_aa/

I had no idea that you could use google, especially a HTTPS (secure site) link to pass through to a phishing  or any other site. Almost anybody seeing a google link will think that it is safe

Obviously this is a big security risk that Google servers allow this sort of divert or pass through and it needs to be plugged

There are more details on this misuse of the google search open redirect “vulnerability” on Stop Malvertising

The site asks for your Apple ID and password, then sends you to a page  saying

My Apple ID

It looks like someone used your data to make unverified purchase.

We need to be sure that you’re real holder of this account and match the information you will provide us now with the information in our databases. Please make sure your information is correct before submitting it to us or it may cause further delays.

Thank you.

Then wants you to fill in the form to give them your Name, address, Date of Birth, Credit card details, Mobile phone number etc. Everything they need to take over your identity in the virtual world as well as clear out all your bank and credit card accounts

It will then bounce you to the correct Apple page

Leave a reply

Your email address will not be published. Required fields are marked *