Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Fake iTunes Receipt Email

Outline
Emailed receipt, purporting to be from online music store iTunes, supposedly provides the recipient with information about a recent purchase.



Brief Analysis
The email is not from iTunes. The purchase details included in the message are invalid. Links in the message open a spam pharmaceutical website that tries to entice visitors to enter their credit card details to purchase products.

Bookmark and Share
Detailed analysis and references below example.



Scroll down to submit comments
Last updated: 8th October 2010
First published: 5th October 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples
From: iTunes Store Subject: Your receipt of purchase #156004140076

iTunes Receipt Spam Email 2


From: iTunes Store

Subject: Your receipt #434839824758


iTunes Receipt Spam Email




Detailed Analysis
Soon after a spate of spam emails purporting to be from social network LinkedIn began hitting inboxes, another spam campaign was launched that used the name of popular online music and entertainment store, iTunes. The iTunes spam emails are designed to resemble a genuine iTunes receipt message and includes seemingly genuine iTunes graphics and formatting.

However, these "receipt" messages are fake and do not originate with iTunes. The supposed iTunes transaction listed on the message never took place. Links in many of the bogus message open an infamous Canadian pharmaceutical website long known for its illegal and reprehensible marketing tactics. Links in some versions of the spam messages point to a variety of other spam websites that include suspect "dating" sites and sites offering dubious forex services.

In order to trick recipients into clicking links in the message, the supposed purchase price of several hundred dollars is considerably higher than one would expect for an item like the ones listed. Thus, iTunes account holders who receive the spam emails are more likely to follow the "report a problem" or "purchase history" links in the messages in an attempt to discover more details about the supposed transaction.

Many users who do follow one of the links in the belief that they are going to the official iTunes Store are instead taken to the bogus drugstore website. Some incarnations of this spam website have also been known to contain trojans or other malware. Thus, the intent of the spammers is to try to entice recipients into visiting the online drugstore site in the hope that they will attempt to purchase products, or in some cases, inadvertently infect their computers with malicious software. Dubious online drug sites such as these may also steal credit card and other information from users via bogus order forms. The "order form" on the pharmacy website included in these spam emails is not even a secure (https) page even though it asks for credit card details and other personal information. No legitimate online store would ask for credit card details via an unsecure form.

It should be noted that the real iTunes Store does send out receipt messages after a user has made a purchase. This is a normal and perfectly legitimate part of the company's transaction procedure that will be familiar to many iTunes users. The spammers have capitalized on this user familiarity. If you receive what looks like an official iTunes message, check that the links do point to the iTunes website. If in doubt, do not click links in such emails. Instead, check your transaction record via the iTunes software or via the iTunes website.

Internet criminals have targeted iTunes users in the past. In May 2010, fake iTunes gift certificates that contained a trojan were being distributed.

Bookmark and Share References
Fake LinkedIn Invitation Emails Point to Malware
Difference Between http & https
Check Links in HTML Emails
iTunes Gift Certificate Trojan Email



Last updated: 8th October 2010
First published: 5th October 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer