Naeem Sarfraz

Blogging about Enterprise Architecture, ALM, DevOps & happy times coding in .Net

Netflix Purchase from Apple Store Scam

Over the past couple of weeks a couple of family members have been caught out by a very good phishing email purporting to be from the Apple Store. Wikipedia describes phishing in the following terms.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Here is a copy of the email.

[image: itunes – the phishing email]

Illusion of Authenticity

You’ll have to admit the email looks a convincing one, and to the untrained eye you could easily fall for it. The colours play on Apple’s use of grey tones, although the Apple logo is clearly missing. On receiving this email your immediate thought is: what purchase? Let me investigate.

All of the links except one point to the Apple website, again adding to the impression that this has come from a legitimate source. But if you’ve received this email out of the blue there’s only one thing you’re interested in, and that’s cancelling the subscription. Has someone purchased a subscription from my account without me knowing? Did I forget to cancel my renewal? There’s only one way to answer these questions: follow the Manage\Cancel Subscription link.

Spotting a Scam

Hovering over the Manage\Cancel Subscription link we see it points to http://www.beskidypark.com.pl/css/x/ (PLEASE do not enter your Apple ID if you follow this link), which is a domain registered in Poland. We know this because the domain ends with .com.pl and a WHOIS search confirms it. Clearly not the Apple site. In fact, if you go to the root domain you’ll see it appears to be the website for a hotel in Poland, something which a Google search also confirms.

So why is a Polish hotel aiding the scammers? They’re not. Their website is a WordPress site and it appears to have been hacked. Those who hacked the site have placed some code that redirects the visitor to a page designed to look like the Apple login page, but more on that later. Why would they do this? They’re piggybacking off a reputable website and know access to it will not be blocked.

An Apple Login

Following the hacked link takes you to this page.

[image: Capture – the fake Apple login page]

Again, it looks pretty convincing. Many of the links on the page point to real pages on the Apple website; however, the page does not belong to Apple, and here’s how you can tell.

  1. Take a good look at the URL. It may contain the word apple; however, look for the root domain name, which should be apple.com. In this case it’s id24supprt.com.
  2. Look for the padlock. The actual Apple login page uses SSL, which ensures that your username and password remain encrypted, and therefore private, as they are passed to Apple. In Google Chrome look out for the green padlock as shown below.
     [image: Capture2 – the green padlock in Chrome]
  3. A spelling mistake. Everyone can make spelling mistakes and this is no sure way of spotting a scam, but I noticed the password field was spelt incorrectly: “Passwort”, ending with a t instead of a d.
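The first two checks above (root domain really apple.com, and HTTPS for the padlock) can be applied mechanically to every link in an email. The following script is an added example, not code from the original post; the small suffix table and the `apple.id24supprt.com` hostname are constructed stand-ins (the post only shows the root domain id24supprt.com), and a real tool would use the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed, deliberately tiny stand-in for the Public Suffix List so that
# www.beskidypark.com.pl resolves to beskidypark.com.pl rather than com.pl.
MULTI_LABEL_SUFFIXES = {"com.pl", "co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the root (registrable) domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str, expected_domain: str = "apple.com") -> dict:
    """Apply the post's checks: is the root domain the real one, is it HTTPS,
    and does the hostname merely *contain* the brand name (a lookalike)?"""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    root = registrable_domain(host)
    brand = expected_domain.split(".")[0]
    return {
        "url": url,
        "root_domain": root,
        "genuine_domain": root == expected_domain,
        "https": parsed.scheme == "https",
        "lookalike": brand in host and root != expected_domain,
    }


def suspicious_links(urls, expected_domain: str = "apple.com"):
    """Return the root domains of every link that does not belong to the brand."""
    return [check_link(u, expected_domain)["root_domain"]
            for u in urls if not check_link(u, expected_domain)["genuine_domain"]]


if __name__ == "__main__":
    # Constructed sample of the email's links: genuine Apple links plus the
    # hacked hotel site and a lookalike login host.
    links = [
        "https://www.apple.com/itunes/",
        "https://appleid.apple.com/",
        "http://www.beskidypark.com.pl/css/x/",
        "http://apple.id24supprt.com/login",
    ]
    for link in links:
        print(check_link(link))
    print("Suspicious:", suspicious_links(links))
```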

Once the victim has entered their real Apple username and password, the site asks them for their billing address, credit card details, account name and sort code, and other personal information: enough information to impersonate them and attempt fraudulent transactions.

In this particular scam the family members logged in using their actual Apple username and password. With these details the scammers attempted to make a £1000 purchase at Debenhams, which the bank fortunately picked up, blocked and notified the account holder about.

I’ve Fallen For This So What Can I Do?

  1. Change your Apple password immediately.
  2. If you’re using the same password on other websites go and change those passwords too.
  3. If you’re not using a password manager then consider doing so now. In this case it would not have filled out the login form, as the URL does not match the Apple website URL. 1Password is highly recommended.
  4. Inform your bank that you think your card details may have been obtained fraudulently. I would consider actually cancelling the card itself and getting a new one.
  5. Report the scam to the Police on the Action Fraud website. Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime.
  6. Report the phishing email to your email provider. For example here are instructions from Gmail on how to do that.

One final piece of advice, just remember that looks can be deceiving.

Keeping up with the Times and in particular Technology

As an Architect, keeping up with frameworks and best-practice patterns and being aware of emerging technologies can be quite a challenge. Over the past year I’ve used a few productivity tools which have been invaluable, so I’d like to share a few things I do to keep on top of this.

  • Engaging with the community via Twitter
    Noise. Great as it is, watch out, as it can be a terrible distraction to your flow. I often wonder how much work some people actually do given the amount they tweet. However, it’s useful for current developments and for engaging with leaders in your field of interest.
    And here’s a tip “the best way to get the right answer on the Internet is not to ask a question, it's to post the wrong answer.” Cunningham’s law.
  • Keeping track of blogs with Feedly
    There are an infinite number of blogs out there with posts to fill your day, and at some point you’ll actually want\need to do some work. Currently I am tracking around 50 blogs and spend around 30 – 60 minutes a day catching up with them, and I use the following tools to keep track of what I’ve read, what I intend to read and notifications of new posts when they become available. Some posts I glance over, whilst others require more concentration and sometimes a quiet room.
    • Feedly – a blog aggregator which has a nice plugin for Chrome allowing me to quickly mark a post as read when it doesn’t interest me. There are mobile apps available too.
    • OneTab – OneTab keeps my browser looking sane, because this is no strategy!
      [image: a browser with far too many open tabs]
      If I can’t read the article within a minute then it gets added to OneTab, my read-later list, much like Scott Hanselman talked about.
  • Listening to Podcasts
    Commuting to work, stepping out in the car between errands or travelling on a long journey to a conference are great times to catch up on my podcast collection. Here are the current work-related ones I’m following: 
  • Track a subject of interest using StackOverflow tags
    This is a great way to pick up from other people’s experiences if the subject you are tracking is new to you and has a narrow focus. I wouldn’t suggest tracking something as broad as jQuery or C#, but I’m finding Domain-Driven Development much more manageable with a daily digest email containing 3 or 4 new questions, most of which have answers.

Sometimes I can’t help but feel overwhelmed with the amount of information out there, so I devised this strategy to deal with it. Over time I have started to reduce the number of people I follow on Twitter and the number of blogs I track.

I hope you’ll find this useful, and please share your productivity tips in the comments below.