Imposters Send Spam from Fake Apple Online Store

by Christopher on June 7, 2011

There’s a new presumed phishing campaign underway involving spam email messages purporting to be from Apple’s online store. The emails contain links that take you to a dummy website set up to closely resemble the website from which Apple users can purchase the company’s products. However, the fake website’s offerings are apparently limited to software.

So far, the spam messages have come from an obviously fake email address consisting of a meaningless string of characters followed by @live.com. Legitimate Apple store emails only originate from email addresses ending with @apple.com. However, as word of this new phishing campaign spreads, the spammers responsible may begin spoofing Apple email addresses more realistically.

Links in the spam messages go through a series of redirects, finally loading a website with the URL appledownload.com. The real online store operated by Apple is located at the address store.apple.com.

The About page on the spam website is written in obvious ESL-speak, as is usually the case with spam originating from foreign, non-English-speaking countries. Indeed, though the copy claims the website is based in San Francisco, a quick WHOIS lookup reveals it to be registered to a Lyubov Bushmakina in St. Petersburg, Russia. Which doesn’t sound quite right.

Observant commenters on Apple-related blogs point out a common theme among these spam messages. It seems the phishing emails are going to email addresses previously used to register for the MacHeist bundle. This is not far-fetched, considering MacHeist’s mailing list processor, iContact, was hacked in early 2010. The security breach resulted in spammers acquiring subscriber email addresses. It makes sense that such a mailing list would be used in spam targeting Apple users.

If you shop at Apple’s online store, always go directly to it by typing its URL into your browser’s address bar. Never follow links sent in email, especially unsolicited email. Just because a link appears to lead to the right website doesn’t necessarily mean it does.

In addition, Apple assures its customers that it never requests personal information, such as passwords or credit card numbers, via email. Should you receive an email using their name that you suspect is not legitimate, Apple offers these instructions: “if you do receive an email that arouses your suspicions, select all the text in the message and use the Forward as Attachment command in the Message menu in Mac OS X Mail or the Action menu in Outlook to send it to [email protected]

Posted in: Phishing
