Skip to content

Damn! trojan horse link spammers are getting smarter with their targeting

I got an email today that pretended to be from shipping@new.itunes.com, which of course did not come from Apple at all, it came to my DreamHost account via vopmail.vopmail.willard-oh.com… It looked like a VERY GOOD copy of the emails that Apple does send out, complete with corporate logos and formatting; and claimed to be a Christmas gift card for someone I know (which was the first tell something was wrong – why would the gift card for my friend show up in my inbox?). Alleged gift card value was for a preposterous $500 (tell number two), and it was billed to someone I have never heard of (tell number three).

The three suspicious elements inspired me to right click the View\Download redemption link (aha – tell number four is the use of a backslash instead of a slash) and copy/paste the link into a text editor and really look at it… It was some unheard of ucoz.com address; a trojan horse address. I am sure they are trying to trick iTunes users into entering their AppleID and Password. Obviously we should never enter our usernames and passwords into websites that are NOT who they claim to be.

This is a scary attack attempt because it knows I am an iTunes user, it knows my friends (at least one of them) and it really knows how to format an email to look like an official iTunes Apple receipt.

Further down the email form were some other tells – some of the links do link to legitimate Apple websites, others to that bogus ucoz site; and the copyright notices are in a foreign font set, something Apple would not likely get wrong.

Be careful folks.

Post a Comment

Your email is never published nor shared. Required fields are marked *