Friday, 23 January 2015

your account is now locked. Ref:

Alert Summary:

your account is now locked. Ref:  phishing emails saying that due tο a prοblem with sοme of your accοunt infοrmatiοn we have tempοrarily lοcked yοur accοunt.

Sample Message headers:
From: Apple {do_not_reply@eur.apple.com}
Subject: - - your account is now locked. Ref: 32,621-39-08-17 - Apple
Sample Message body:
This is an automated message, please do not reply.

Dear - -,

Due tο a prοblem with sοme of your accοunt infοrmatiοn, we have tempοrarily lοcked yοur accοunt.

Whilst yοur accοunt is lοcked yοu will be unable tο use services such as the App Stοre / iΤunes store and usage of iClοud will be limited.

To unlοck your accοunt we need you to update your accοunt infοrmatiοn.

Click the following link to update the infοrmatiοn on your accοunt.
Update now >
The reasοn we sent yοu this email is because ΑppΙe takes security very seriοusly and we need tο ensure that we have the mοst up tο date infοrmatiοn οn file fοr οur custοmers tο prevent unauthοrised use.

It may just be that yοur payment methοd has expired or your accοunt infοrmatiοn is incomplete.
In οrder to avοid yοur accοunt being permanently clοsed we require yοu tο update yοur infοrmation within 24 hοurs οf this email being sent.

If you have already validated your account within the last 48 hours then you do not have to do anything, simply ignore this message.
ΑppΙe Suppοrt

Case Ref: 32,621-39-08-17

The above link to Apple site, doesn't take you there but instead takes you to a fake phishing site:
http://ow.ly/HOFwf
 Currently this redirects to:
http://appleid.apple.com-idmswebauth-login.html-appidkey.account-restoration.net/WebAuth/signin?sslchannel=true&sessionid=7IhQeT2nLvUyvWUJ0WumIYsXyn9BcyckgubvndT8JOHfKBYKyt6gsze1XoDaWPucjGHGTBPCpwR98QUG&baseURL=https://supportprofile.apple.com/homePage
The fake phishing site above looks like this:
The fake apple domain was recently set-up, details here:
 Domain Name: ACCOUNT-RESTORATION.NET
   Registrar: GODADDY.COM, LLC
   Sponsoring Registrar IANA ID: 146
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS43.DOMAINCONTROL.COM
   Name Server: NS44.DOMAINCONTROL.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 21-jan-2015
   Creation Date: 03-jan-2015
   Expiration Date: 03-jan-2016
Registry Domain ID: 1893834442_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-01-21T22:32:53Z
Creation Date: 2015-01-03T01:06:58Z
Registrar Registration Expiration Date: 2016-01-03T01:06:58Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Registry Registrant ID: 
Registrant Name: Martin Fillmore
Registrant Organization: 
Registrant Street: Top Floor Flat
Registrant Street: 14 Oaklands Grove
Registrant City: London
Registrant State/Province: 
Registrant Postal Code: W12 0JA
Registrant Country: United Kingdom
Registrant Phone: +44.7455959484
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: martinfillmore@gmail.com
The fake phishing site will also ask you to hand over your credit card details too....
Cheers,

Steve
Sanesecurity.com

No comments: