Tuesday, August 18, 2015

Oooh.... scamspam....

So, I just got an email from "iTunes Store" thanking me for buying a product I most definitely did not buy. There were some tell-tale signs of phishing, so I did not follow any of the links. Here's what I noticed:

  1. The return address seemed valid enough, going to an ID number @store.apple.com, but there was nothing in the "to" field. In other words, this was a receipt that apparently wasn't sent to me directly. Hmmmm.... that's a pretty strong clue there that it isn't valid.

  2. The dates are in European format and the amount is in Euros. I would have remembered purchasing anything in Euros.

  3. The option to cancel the order is up-front and center, with a big ol' link - to a bit.ly address. Genuine businesses do not use bit.ly in this way, period, full-stop, end of sentence. Bit.ly is a useful tool, but no legitimate business will use it for an order cancellation link in a receipt.

Adding it up, it's clear I'm being phished. Nope, not playing along. However, at first glance it really looked legitimate, and if I had recently ordered something there's a decent chance I would not have looked twice at it and been fooled. Heck, even if I wasn't being careful there is a chance it could have caught me even if I hadn't recently ordered something.

It's a scammer's world out there. It's way too easy to be caught, anymore. I hope this post might help somebody avoid whatever fate was lurking at the end of that link.
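The three signs listed above can also be checked mechanically on a raw message. The following is an added example, not part of the original post: the function name, the shortener list, the `home_currency` parameter (assumed to be a US recipient) and the sample message are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse

# Assumption: a small, non-exhaustive set of link-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
# Day-first dates are only unambiguous when the first field is above 12.
DAY_FIRST_RE = re.compile(r"\b(?:1[3-9]|2\d|3[01])[/.-]\d{1,2}[/.-]\d{4}\b")
EURO_RE = re.compile(r"€|\bEUR\b")

def receipt_red_flags(raw: bytes, home_currency: str = "USD") -> list:
    """Return the warning signs from the post that appear in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    flags = []
    # Sign 1: the receipt is not addressed to anyone in the To header.
    if not str(msg.get("To", "")).strip():
        flags.append("empty-to")
    # Sign 2: currency or date format that does not match the recipient.
    if home_currency != "EUR" and EURO_RE.search(body):
        flags.append("unexpected-currency")
    if home_currency == "USD" and DAY_FIRST_RE.search(body):
        flags.append("day-first-date")
    # Sign 3: an action link that hides its destination behind a shortener.
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENERS:
            flags.append("shortener-link:" + host)
    return flags

# Constructed sample resembling the message described in the post.
SAMPLE = (
    "From: iTunes Store <000000@store.apple.com>\n"
    "Subject: Your receipt\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: 8bit\n"
    "\n"
    "Order date: 18/08/2015\n"
    "Total: €39,99\n"
    "Cancel this order: http://bit.ly/EXAMPLE\n"
).encode("utf-8")

if __name__ == "__main__":
    print(receipt_red_flags(SAMPLE))
```

None of these checks is proof on its own; a Euro total is normal for a European customer, which is why the expected currency is a parameter.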