Being phished?



#1 zombiewhacker

Posted 28 January 2015 - 11:46 PM

The other day I received an e-mail stating that somebody was attempting to reset my Apple account password.  (I have iTunes.) I tossed this off as a phishing scheme and sent the e-mail to junk.  Today, I received a different e-mail, the body of which reads:

  "If you recently signed in to this device, you can disregard this email.
  "If you have not recently signed in to an iPhone with your Apple ID and believe someone may have accessed your account, you should update your account at My Apple ID."

Note: I don't have an iPhone or any Apple device.  In fact, I haven't even signed into iTunes for over four months.  And the one computer that I have installed iTunes is currently on the fritz so I can't even log into iTunes anyway.

 

Just another phish or cause for concern?

 




#2 White Hat Mike

Posted 29 January 2015 - 12:22 AM

Seems like a phish.  But review the sender e-mail address, see if that's legitimate.  Easy to be spoofed, of course, so that's just the basic first step.  Review any links in the e-mail (if provided) by just hovering over them, see if they're legitimate.  Then pull the e-mail's headers and review the sender's IP address, run a whois on the IP and see if it's actually owned by Apple.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com
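
The three checks listed in the reply above (sender address, real link targets, originating IP from the headers), as an added example that is not part of the original post. The message is constructed, and `brand.example`, `recipient.example` and all function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the e-mail from this thread): reserved .example names
# and documentation IPs. The second Received line is one the sender forged.
SAMPLE_EML = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example; Wed, 28 Jan 2015 10:00:03 -0500
Received: from mail.brand.example ([198.51.100.7]) by relay.brand.example
From: "Account Support" <support@brand.example>
Subject: Your account was used to sign in
Content-Type: text/html; charset="utf-8"

<p>Update at <a href="http://login.lookalike.example/verify">My Account</a>.</p>
"""

class LinkCollector(HTMLParser):  # gathers real href hosts (what hovering reveals)
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def triage(raw, brand_domain, my_mail_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Trust only Received lines stamped by our own servers (newest first);
    # the last of those records the IP that really connected to us.
    origin_ip = None
    for hdr in msg.get_all("Received", []):
        by = re.search(r"\bby\s+([\w.-]+)", hdr)
        if not by or not in_domain(by.group(1).lower(), my_mail_domain):
            break
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        origin_ip = ip.group(1) if ip else origin_ip
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    off = [h for h in links.hosts if not in_domain(h, brand_domain)]
    return {"from_domain": from_domain, "origin_ip": origin_ip, "off_brand_links": off}
```

Calling `triage(SAMPLE_EML, "brand.example", "recipient.example")` shows a From domain that looks right, a link that leaves the brand's domain, and `origin_ip` set to the address the recipient's own server logged, which is the one to run whois on.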


#3 Sintharius

Posted 29 January 2015 - 01:04 AM

If the link you linked to is correct, then here is the VirusTotal result.

I'd say it's a scam.

#4 1PW

Posted 29 January 2015 - 04:27 AM

Hello zombiewhacker:

When you have assured yourself that an incoming email is a phishing scam, you would be doing a good service by reporting the occurrence to:
 
Anti Phishing Working Group

Thank you.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#5 Didier Stevens

Posted 29 January 2015 - 05:56 PM

It is a phishing e-mail. If you look at the link (by hovering over it like White Hat Mike explained), you will see that the domain name is account-validate[.]com. (I added the [] around the dot so that you cannot accidentally visit the site.)

If you look up the whois information (whois.net), you'll get this:


Domain Name: ACCOUNT-VALIDATE.COM
Registrar: GODADDY.COM, LLC
Sponsoring Registrar IANA ID: 146
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Updated Date: 29-jan-2015
Creation Date: 26-jan-2015
Expiration Date: 26-jan-2016


You can see that the domain was registered 3 days ago with GoDaddy, and that it is already suspended for abuse (see name server).

Edited by Didier Stevens, 29 January 2015 - 06:00 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
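
The two WHOIS signals read off in the post above (a registration only days old and name servers replaced by a suspension host), automated as an added example that is not part of the original post. The record is an excerpt of the output quoted there; the function names, the 30-day threshold and the review date of 29 January 2015 are assumptions.

```python
from datetime import date, datetime

# Excerpt of the WHOIS record quoted in the post above.
WHOIS_TEXT = """\
Domain Name: ACCOUNT-VALIDATE.COM
Registrar: GODADDY.COM, LLC
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Updated Date: 29-jan-2015
Creation Date: 26-jan-2015
Expiration Date: 26-jan-2016
"""

def parse_whois(text):
    """Return {field: [values]}; fields such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def parse_date(value):
    # strptime matches month abbreviations case-insensitively ("jan").
    return datetime.strptime(value, "%d-%b-%Y").date()

def assess(text, today, max_age_days=30):
    """max_age_days is an assumed cut-off for 'newly registered'."""
    rec = parse_whois(text)
    findings = []
    created = rec.get("creation date")
    age = (today - parse_date(created[0])).days if created else None
    if age is not None and age <= max_age_days:
        findings.append(f"domain registered {age} days before review")
    suspended = [ns for ns in rec.get("name server", []) if "SUSPENDED" in ns.upper()]
    if suspended:
        findings.append("name servers point to a suspension host")
    return age, findings

if __name__ == "__main__":
    print(assess(WHOIS_TEXT, date(2015, 1, 29)))
```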




