Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 108 - November 2010 - Page 17

Pages in this month's issue:
  1. Muslims Praying Every Friday in Streets of New York Protest Message
  2. Unfounded Facebook Rumour - Thierry Mairot Wants to Talk to Children About Sex
  3. Security Warning Message - Black Device Connected to Keyboard
  4. Got a pencil? - Amazing Pencil Tip Sculptures by Dalton Ghetti
  5. 'New' Italian Police Car - Lamborghini Crash
  6. 'Interesting Fact' About October 2010 - 5 Fridays, 5 Saturdays, 5 Sundays
  7. Jean Paul Garang Advance Fee Scam
  8. Revamped 'Life Owner' Hoax Uses Name of Real Virus - 'Here You Have It' Hoax Version
  9. Free Blackberry Storm for Forwarding Hoax
  10. Floating Rock 'Miracle' - Surprising Rock in Saudi Arabia
  11. Photographs of Monster Croc Caught at Borroloola
  12. Feeding the Eagles
  13. Corpus Christi - Gay Jesus Movie Hoax
  14. Rejected Federal Tax Payment Phishing Scam Email
  15. 'Bighorn Sheep' On Dam Wall Photographs
  16. Bogus Facebook Rumour - Thomas Cowling Wants to Talk to Children About Sex
  17. Fake iTunes Receipt Email
  18. 809 Area Code Scam Warning Email
  19. Baby Shot With Brad Nailer Prayer Request
  20. Internet Rumour - UNESCO Chooses Indian National Anthem as Best In The World
  21. Pen PC - Pen Shaped Miniature Personal Computer

Issue 108 Start Menu

Previous Article            Next Article

Fake iTunes Receipt Email

Outline
Emailed receipt, purporting to be from online music store iTunes, supposedly provides the recipient with information about a recent purchase.



Brief Analysis
The email is not from iTunes. The purchase details included in the message are invalid. Links in the message open a spam pharmaceutical website that tries to entice visitors to enter their credit card details to purchase products.

Bookmark and Share
Detailed analysis and references below example.



Scroll down to submit comments
Last updated: 8th October 2010
First published: 5th October 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples
From: iTunes Store Subject: Your receipt of purchase #156004140076

iTunes Receipt Spam Email 2


From: iTunes Store

Subject: Your receipt #434839824758


iTunes Receipt Spam Email




Detailed Analysis
Soon after a spate of spam emails purporting to be from social network LinkedIn began hitting inboxes, another spam campaign was launched that used the name of popular online music and entertainment store, iTunes. The iTunes spam emails are designed to resemble a genuine iTunes receipt message and includes seemingly genuine iTunes graphics and formatting.

However, these "receipt" messages are fake and do not originate with iTunes. The supposed iTunes transaction listed on the message never took place. Links in many of the bogus message open an infamous Canadian pharmaceutical website long known for its illegal and reprehensible marketing tactics. Links in some versions of the spam messages point to a variety of other spam websites that include suspect "dating" sites and sites offering dubious forex services.

In order to trick recipients into clicking links in the message, the supposed purchase price of several hundred dollars is considerably higher than one would expect for an item like the ones listed. Thus, iTunes account holders who receive the spam emails are more likely to follow the "report a problem" or "purchase history" links in the messages in an attempt to discover more details about the supposed transaction.

Many users who do follow one of the links in the belief that they are going to the official iTunes Store are instead taken to the bogus drugstore website. Some incarnations of this spam website have also been known to contain trojans or other malware. Thus, the intent of the spammers is to try to entice recipients into visiting the online drugstore site in the hope that they will attempt to purchase products, or in some cases, inadvertently infect their computers with malicious software. Dubious online drug sites such as these may also steal credit card and other information from users via bogus order forms. The "order form" on the pharmacy website included in these spam emails is not even a secure (https) page even though it asks for credit card details and other personal information. No legitimate online store would ask for credit card details via an unsecure form.

It should be noted that the real iTunes Store does send out receipt messages after a user has made a purchase. This is a normal and perfectly legitimate part of the company's transaction procedure that will be familiar to many iTunes users. The spammers have capitalized on this user familiarity. If you receive what looks like an official iTunes message, check that the links do point to the iTunes website. If in doubt, do not click links in such emails. Instead, check your transaction record via the iTunes software or via the iTunes website.

Internet criminals have targeted iTunes users in the past. In May 2010, fake iTunes gift certificates that contained a trojan were being distributed.

Bookmark and Share References
Fake LinkedIn Invitation Emails Point to Malware
Difference Between http & https
Check Links in HTML Emails
iTunes Gift Certificate Trojan Email



Previous Article            Next Article

Issue 108 Start Menu

Pages in this month's issue:
  1. Muslims Praying Every Friday in Streets of New York Protest Message
  2. Unfounded Facebook Rumour - Thierry Mairot Wants to Talk to Children About Sex
  3. Security Warning Message - Black Device Connected to Keyboard
  4. Got a pencil? - Amazing Pencil Tip Sculptures by Dalton Ghetti
  5. 'New' Italian Police Car - Lamborghini Crash
  6. 'Interesting Fact' About October 2010 - 5 Fridays, 5 Saturdays, 5 Sundays
  7. Jean Paul Garang Advance Fee Scam
  8. Revamped 'Life Owner' Hoax Uses Name of Real Virus - 'Here You Have It' Hoax Version
  9. Free Blackberry Storm for Forwarding Hoax
  10. Floating Rock 'Miracle' - Surprising Rock in Saudi Arabia
  11. Photographs of Monster Croc Caught at Borroloola
  12. Feeding the Eagles
  13. Corpus Christi - Gay Jesus Movie Hoax
  14. Rejected Federal Tax Payment Phishing Scam Email
  15. 'Bighorn Sheep' On Dam Wall Photographs
  16. Bogus Facebook Rumour - Thomas Cowling Wants to Talk to Children About Sex
  17. Fake iTunes Receipt Email
  18. 809 Area Code Scam Warning Email
  19. Baby Shot With Brad Nailer Prayer Request
  20. Internet Rumour - UNESCO Chooses Indian National Anthem as Best In The World
  21. Pen PC - Pen Shaped Miniature Personal Computer