So, I just got an email from "iTunes Store" thanking me for buying a product I most definitely did not buy. There were some tell-tale signs of phishing, so I did not follow any of the links. Here's what I noticed:
- The return address seemed valid enough, going to an ID number @store.apple.com, but there was nothing in the "to" field. In other words, this was a receipt that apparently wasn't sent to me directly. Hmmmm.... that's a pretty strong clue there that it isn't valid.
- The dates are in European format and the amount is in Euros. I would have remembered purchasing anything in Euros.
- The option to cancel the order is up-front and center, with a big ol' link - to a bit.ly address. Genuine businesses do not use bit.ly in this way, period, full-stop, end of sentence. Bit.ly is a useful tool, but no legitimate business will use it for an order cancellation link in a receipt.
It's a scammer's world out there. It's way too easy to be caught, anymore. I hope this post might help somebody avoid whatever fate was lurking at the end of that link.