Apple Security Measures phishing

Share This with your friends and contacts. Help THEM to stay safe:

Quite a big spam run apple phishing today. The bad spelling and grammar should be enough to warn anybody that it is a fake.

The email looks like

From: Apple <online@online.shop>

Date: Thu 02/02/2017 15:30

Subject: Apple Security Measures

Body content:

Dear Apple Customer

We have faced some problems with your account Please confirm your billing details, If you do not confirm your account within 24 hours it will be Permenatly Closed ! To update your account, just confirm your informations, It’s easy: Click Here to Update www.apple.com/support/update Click the link below to open a secure browser window. Confirm that you’re the owner of the account, and then follow the instructions. Apple !,

Itunes

Get help online Visit Apple Support to learn more about your product, download software updates, and much more.

Join the conversation Find and share solutions with Apple users around the world.

The link in the email goes to http://www.interwurlitzer.com/mc.html which redirects you to http://www.bdic.ca/mardei/Itunes/apple/ where you see the typical Apple phishing page

Update 3 February 2017: now redirecting to http://beere.ca/morbid/Itunes/apple/

Share This with your friends and contacts. Help THEM to stay safe:

Comments

Apple Security Measures phishing — 5 Comments

Nyebodnye on 2 February 2017 10:19 pm at 10:19 pm said:

I personally have the word ‘informations’ in my bad spam words dictionary. The only legitimate emails I ever get with this word seem to be from French speaking people. I’m guessing the perpetrators are North or West African or some other French speaking country. I’m going to guess Tunisia, they seem proud of their hackers.

Reply ↓
Nyebodnye on 2 February 2017 10:31 pm at 10:31 pm said:

Funny thing about this campaign – we have thousands of users. We received 24 that were all rejected, then they just gave up. Almost like they weren’t in control of a botnet. Some of the message ID’s are also bizarre –
Make up your mind! Are you Apple or Paypal ? LOL

Reply ↓
Nyebodnye on 2 February 2017 11:35 pm at 11:35 pm said:

I sometimes go phishing for phishers. Phishers are sometimes lazy and leave things behind. If the URL is hxxp://www.bdic.ca/mardei/Itunes/apple/ I try hxxp://www.bdic.ca/mardei/Itunes, then hxxp://www.bdic.ca/mardei/, then hxxp://www.bdic.ca/mardei/Itunes/apple/appl.zip, hxxp://www.bdic.ca/mardei/Itunes/apple/apple.zip … etc.
Sometimes I find a zip file they have left behind. If they have, I look through their PHP source code and find the email address they are sending the results to, or the txt file they are submitting it to.
I do things with these email addresses and text files.
Beware phishers!

Reply ↓
Nyebodnye on 2 February 2017 11:38 pm at 11:38 pm said:

@NEntered got phish fails

Reply ↓
PC Tech on 3 February 2017 11:11 am at 11:11 am said:

interwurlitzer .com: 87.229.45.133: https://www.virustotal.com/en/ip-address/87.229.45.133/information/
> https://www.virustotal.com/en/url/b3f673a5be4a48fdae3c0c149a0a2bbd5313113a4908796f68a58a61051ac7f8/analysis/
bdic .ca: 67.212.91.221: https://www.virustotal.com/en/ip-address/67.212.91.221/information/
> https://www.virustotal.com/en/url/0b430f5f53a594afa4a2c1c5538c23dc12848e15caae36ac0ea093ef7b323e95/analysis/

//

Reply ↓

My Online Security

Keep yourself safe online

Apple Security Measures phishing

Comments

Apple Security Measures phishing — 5 Comments

Leave a Reply to Nyebodnye Cancel reply