Email received that says "Unauthorised iTunes Purchase"
The interesting point about this one is the phishing URL. It is a pass-through/redirect from a genuine Google URL, https://www.google.com/url?gc=PAH96di-ZUnHVlY&q=%68%74tp%3a%2f%2Fdl6.c1l%2eus%2FSb7ouez&sa=D&usg=AFQjCNEQ84I8qa2xYHVEKwXmJMrXG0_GhA, which bounces via another URL, http://dl6.c1l.us/Sb7ouez, to end up on http://220.127.116.11/datacare/login/auth/dc347f94af30dff3ce1efd53f335d0e7/low_aa/
I had no idea that you could use Google, especially an HTTPS (secure site) link, to pass through to a phishing or any other site. Almost anybody seeing a Google link will think that it is safe.
Obviously it is a big security risk that Google servers allow this sort of divert or pass-through, and it needs to be plugged.
There are more details on this misuse of the Google search open redirect “vulnerability” on Stop Malvertising.
The site asks for your Apple ID and password, then sends you to a page saying:
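A defensive check for the redirect described above, as an added example that is not from the original post: it unwraps the `q` parameter of a `google.com/url` link and flags percent-escapes of characters that never need escaping (the `%68%74tp` trick in the link above). The function names and the choice of flags are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Redirect endpoint seen in the link above (host, path).
GOOGLE_REDIRECT = {("www.google.com", "/url"), ("google.com", "/url")}

# Percent-escapes of unreserved characters (A-Z a-z 0-9 - . _ ~). Legitimate
# encoders never escape these, so they suggest deliberate obfuscation.
NEEDLESS_ESCAPE = re.compile(
    r"%(?:2[DE]|3[0-9]|4[1-9A-F]|5[0-9AF]|6[1-9A-F]|7[0-9AE])", re.I)


def is_ip_literal(host):
    """True when the host is a bare IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def unwrap_google_redirect(link):
    """Return details of the hidden destination, or None if not a Google redirect."""
    parts = urlsplit(link)
    if (parts.hostname, parts.path) not in GOOGLE_REDIRECT:
        return None
    # Take the raw q= value so the original escaping can still be inspected.
    raw_q = next((p[2:] for p in parts.query.split("&") if p.startswith("q=")), "")
    target = unquote(raw_q)
    host = urlsplit(target).hostname or ""
    return {
        "target": target,
        "target_host": host,
        "needless_escapes": NEEDLESS_ESCAPE.findall(raw_q),
        "ip_literal_host": is_ip_literal(host),
    }


# The link quoted in this post.
SAMPLE = ("https://www.google.com/url?gc=PAH96di-ZUnHVlY&q=%68%74tp%3a%2f%2F"
          "dl6.c1l%2eus%2FSb7ouez&sa=D&usg=AFQjCNEQ84I8qa2xYHVEKwXmJMrXG0_GhA")

if __name__ == "__main__":
    print(unwrap_google_redirect(SAMPLE))
    print(is_ip_literal("220.127.116.11"))  # host of the final landing page
```

The same two flags can be applied to each hop of a redirect chain once it has been resolved in a sandbox or taken from proxy logs.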
My Apple ID
It looks like someone used your data to make unverified purchase.
We need to be sure that you’re real holder of this account and match the information you will provide us now with the information in our databases. Please make sure your information is correct before submitting it to us or it may cause further delays.
It then wants you to fill in the form to give them your name, address, date of birth, credit card details, mobile phone number, etc.: everything they need to take over your identity in the virtual world as well as clear out all your bank and credit card accounts.
It will then bounce you to the correct Apple page.

The email itself reads:
Your AppleID was recently used to buy the “GlobalCall” from the iTunes Store on a Personal Computer or another device that hadn’t previously been connected with your AppleID.
This purchasing was detected from 18.104.22.168 (Astrahan, Russia).
If you are the one who made the buying, you may ignore this message. It was sent to you only to warn you in case you did not make the action by yourself.
If you did not make this operation, we recommend that you urgently verify your AppleID:
Anyway, your financial data are in safe on Apple security servers. Remember, that Apple will never send you a request to expose your financial details via e-mail or via phone.
Copyright É 2014 Apple Inc. Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page. Copyright 2014 Apple Inc. All rights reserved. Email ID PP1361262.