So I get a call this morning from a family member who is freaking out over a six hundred dollar iTunes invoice. Fortunately I knew this person didn't have an iTunes account (they use mine), so I knew right away it was a fraud. On inspecting the invoice, there were so few errors it's chilling. If this had of been an invoice from the (Acme Widget Company) that I do have an account with .. it's possible it may have worked.
This is particularly evil, since it's associated with the Zeus trojan that steals banking credentials
The quality of phishing emails have dramatically improved as the quality assurance by malware miscreants improves.
On closer inspection, there were three very subtle errors made on this iTunes phishing attack:
- No street address was shown. iTunes receipts always have your street address listed and spamming dirt bags don't have that (we hope).
- Receipts (that I've paid attention to) come with an American style date format .. month / day / year. Canadian or European formats are typically day / month / year or year / month / day. This one is day / month / year.
- Modern corporate invoicing systems don't include leading zeros. Also the quantity and dollar amounts don't add up.
Every web hyper-link in this invoice except for the Apple Store Support and the Apple Legal links point to a non-Apple site. All the links in iTunes invoices point to Apple. In this case, the infected domain was medicineni.com . This is particularly evil, since it's associated with the Zeus trojan that steals banking credentials. Bogus LinkedIn invites have also been confirmed to be coming from the Zeus botnet.
We still need to stay awake to the attacks by these malware miscreants, because they are getting better by the month.