Is this a phishing expedition?
Moderator: Wiz Feinberg
-
John Lacey
- Posts: 2388
- Joined: 6 Jan 1999 1:01 am
- Location: Black Diamond, Alberta, Canada
Is this a phishing expedition?
I got this notice from Apple iTunes this morning and I just wonder if it's a phishing thing happening?
"Your Apple ID was just used to download FOOTBALL MANAGER HANDHELD 2014
from the App Store on a computer or device that had not previously been
associated with that Apple ID.
ORDER NUMBER: QWACVW291HD
ORDER TOTAL: 9.35 CAD
If you initiated this download, you can disregard this email. It was only sent to
alert you in case you did not initiate the download yourself.
If you did not initiate this download, we recommend that you go to
ITUNES PAYMENT Cancellation Form
Thank you."
In the iTunes cancellation form, they ask for my Apple ID and password. I know I didn't download anything in the last 24 hrs., but how would I confirm whether the message is from Apple or not? There was $7.34 charged to my credit card account so maybe it was illegitimate. Is there a site where I can verify this?
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
John;
If this message you got was an email, you can expose the source code and see where the clickable links actually go. Or, if you read it on a computer, rather than a hand held device, hover over the links and the true URL should appear in a "status bar" on the bottom of the email client. See if they actually go to a real Apple or iTunes URL. Check your own bookmarks from your last purchase to get a legit URL.
You can also just log into your Apple Store/iTunes account and look for notifications/messages. If this is legit, the same message will appear in your online account.
With the source code exposed, read the header details. The routing of the email shows the last stop near the top. If the domain is apple, the message was probably sent from there (I said probably). You are still safer just logging in directly and not clicking on links in an email.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
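The two checks described in the post above (where the clickable links really go, and which server is the last stop in the routing headers), as an added example that is not part of the original thread. The sample message, its hosts and the TRUSTED list are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the email from this thread; hosts are placeholders.
SAMPLE_EML = """\
Received: from mail.example.net ([203.0.113.7]) by mx.recipient.example; Mon, 6 Jan 2014 08:00:02 -0700
Received: from localhost ([198.51.100.23]) by mail.example.net; Mon, 6 Jan 2014 08:00:00 -0700
From: "Apple ID" <noreply@apple-id.example.net>
Content-Type: text/html; charset="utf-8"

<html><body><p>we recommend that you go to <a href="http://cancel-form.example.net/itunes/login">ITUNES PAYMENT Cancellation Form</a></p>
<p><a href="https://www.apple.com/support/">Apple Support</a></p></body></html>
"""
TRUSTED = ("apple.com", "itunes.com")  # assumption: domains the reader accepts as Apple's

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_is_trusted(host):
    """True only for a trusted domain or its subdomains, not lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def inspect(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    links = [(t, h, host_is_trusted(urlsplit(h).hostname)) for t, h in collector.links]
    # Each relay prepends its Received line, so hops[0] is the last stop; lower hops can be forged.
    hops = [" ".join(str(r).split()) for r in msg.get_all("Received", [])]
    return links, hops

if __name__ == "__main__":
    for text, href, ok in inspect(SAMPLE_EML)[0]:
        print("ok     " if ok else "SUSPECT", href, "<-", text)
```

To run it on a real message, save the email's full source to a file and pass the file's contents to inspect().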
-
John Lacey
- Posts: 2388
- Joined: 6 Jan 1999 1:01 am
- Location: Black Diamond, Alberta, Canada
-
Dave Potter
- Posts: 1565
- Joined: 15 Apr 2003 12:01 am
- Location: Texas
Re: Is this a phishing expedition?
John Lacey wrote: In the iTunes cancellation form, they ask for my Apple ID and password. I know I didn't download anything in the last 24 hrs., but how would I confirm whether the message is from apple or not. There was $7.34 charged to my credit card account so maybe it was illegitimate. Is there a site where I can verify this?
That thing's full of red flags. How do you "cancel" an app you've already paid for? And last 24 hours aside, did you buy that app, or not? If not, somebody's trying to get your AppStore account info. I'd be using WhoIs lookup to see who the IP addresses in the message headers belong to.
I sure wouldn't turn over my ID and password to somebody by email. And I'd want to know from my bank who charged the $7.34, and what it was for, especially since it differs from the app amount of "$9.35". I'd "dispute" it, at a minimum, if it wasn't my charge (and change the password if it came from any account I owned).
-
John Lacey
- Posts: 2388
- Joined: 6 Jan 1999 1:01 am
- Location: Black Diamond, Alberta, Canada
Here's the complete text of the email I received from "Apple ID".
"Your Apple ID was just used to download FOOTBALL MANAGER HANDHELD 2014
from the App Store on a computer or device that had not previously been
associated with that Apple ID.
ORDER NUMBER: QWACVW291HD
ORDER TOTAL: 9.35 CAD
If you initiated this download, you can disregard this email. It was only sent to
alert you in case you did not initiate the download yourself.
If you did not initiate this download, we recommend that you go to
ITUNES PAYMENT Cancellation Form
Thank you."
On the up side, I have no connection with football, therefore the question of my interest in the app. Secondly, the statement on my credit card showed my card was charged $7.34, not $9.35. The only transaction done in the last 24 hrs. was crediting PayPal $100. Can. Both numbers sound too high for a fee and besides why would they charge it to iTunes?
-
Wiz Feinberg
- Posts: 6113
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
John;
If you care to get the source code, copy and paste it into a private message, or send it as email, through this forum.
Read my sticky topics for help with displaying full email headers and source code. I will need the code for the entire message, not just the headers. If your email client is able to, please forward it AS AN ATTACHMENT to me.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog