Just got a very convincing phishing email to my .mac/.me account:
As my renewal was due, I just clicked the link, but I got suspicious right away when they point blank asked for my CC information.
It could have been yet-another phishing email, but what concerns me is Apple's slow response.
I received the email today, Aug 11 @ 9:51 PDT; however, there are reports (this one and this one) of the very scam coming from the very same host (cl-t053-370cl.whoannonce.com) since Aug 09. Yeah, it was the weekend, but this is serious stuff; you would expect Apple to be on top of these things.
Furthermore, the message itself had been marked as suspicious, as per the heading:
```
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - cl-t053-370cl.whoannonce.com
X-Antiabuse: Original Domain - mac.com
X-Antiabuse: Originator/Caller UID/GID - [99 503] / [47 12]
X-Antiabuse: Sender Address Domain - cl-t053-370cl.whoannonce.com
```
This means that Apple should have been aware of the issue even before any report by users (which by the way I did).
So far the scam has been on the run for over 48 hours... let's see how long it takes them to shut it down (as in at least stop delivering to its users).
Here's the full heading (my email address masked):
```
From: "no_reply_no."@apple.com
Date: August 11, 2008 9:51:15 AM PDT (CA)
To: XXXX@mac.com
Subject: IMPORTANT : Billing Problem 11th Aug 2008.
Return-Path: <nobody@cl-t053-370cl.whoannonce.com>
Received: from smtpin123-bge351000 ([10.150.68.123]) by ms153.mac.com (Sun Java(tm) System Messaging Server 6.3-7.02 (built Jun 27 2008; 64bit)) with ESMTP id <0K5G009RM45ZQC90@ms153.mac.com> for XXXX@mac.com; Mon, 11 Aug 2008 09:51:35 -0700 (PDT)
Received: from cl-t053-370cl.whoannonce.com ([72.55.153.112]) by smtpin123.mac.com (Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 32bit)) with ESMTP id <0K5G00MQA45MAON4@smtpin123.mac.com> for XXXXX@mac.com (ORCPT XXXXX@mac.com); Mon, 11 Aug 2008 09:51:35 -0700 (PDT)
Received: from nobody by cl-t053-370cl.whoannonce.com with local (Exim 4.69) (envelope-from <nobody@cl-t053-370cl.whoannonce.com>) id 1KSabz-0001Yf-R4 for XXXX@mac.com; Mon, 11 Aug 2008 12:51:15 -0400
Original-Recipient: rfc822;XXXXXX@mac.com
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1KSabz-0001Yf-R4@cl-t053-370cl.whoannonce.com>
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - cl-t053-370cl.whoannonce.com
X-Antiabuse: Original Domain - mac.com
X-Antiabuse: Originator/Caller UID/GID - [99 503] / [47 12]
X-Antiabuse: Sender Address Domain - cl-t053-370cl.whoannonce.com
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: appartement-maroc.net:/public_html
```
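Added example, not part of the original post: a check of the quoted headers with Python's standard library, comparing the domain claimed in `From:` against the `Return-Path` domain and the host that handed the message to the first mac.com server. The function names, the `trusted` parameter and the naive suffix comparison (no Public Suffix List) are assumptions of this example; `RAW` is a subset of the headers above.

```python
import ipaddress
import re
from email import message_from_string

# Subset of the headers quoted in the post (recipient masked as in the original).
RAW = '''\
From: "no_reply_no."@apple.com
Return-Path: <nobody@cl-t053-370cl.whoannonce.com>
Received: from smtpin123-bge351000 ([10.150.68.123]) by ms153.mac.com (Sun Java(tm) System Messaging Server 6.3-7.02 (built Jun 27 2008; 64bit)) with ESMTP id <0K5G009RM45ZQC90@ms153.mac.com> for XXXX@mac.com; Mon, 11 Aug 2008 09:51:35 -0700 (PDT)
Received: from cl-t053-370cl.whoannonce.com ([72.55.153.112]) by smtpin123.mac.com (Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 32bit)) with ESMTP id <0K5G00MQA45MAON4@smtpin123.mac.com> for XXXXX@mac.com (ORCPT XXXXX@mac.com); Mon, 11 Aug 2008 09:51:35 -0700 (PDT)
Received: from nobody by cl-t053-370cl.whoannonce.com with local (Exim 4.69) (envelope-from <nobody@cl-t053-370cl.whoannonce.com>) id 1KSabz-0001Yf-R4 for XXXX@mac.com; Mon, 11 Aug 2008 12:51:15 -0400
'''

def domain_of(value):
    """Return the lowercased domain after '@' in a header value, or None."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else None

def within(host, domain):
    """True if host equals domain or is a subdomain of it (naive suffix test)."""
    return bool(host and domain) and (host == domain or host.endswith("." + domain))

def external_handoff(msg, trusted):
    """Newest hop where a trusted server accepted mail from a non-private IP."""
    for hop in msg.get_all("Received", []):
        m = re.search(r"from (\S+) \(\[([0-9a-fA-F.:]+)\]\) by (\S+)", hop)
        if not m:
            continue  # e.g. the local Exim submission line has no bracketed IP
        host, ip, by = m.groups()
        if within(by.lower(), trusted) and not ipaddress.ip_address(ip).is_private:
            return host.lower(), ip
    return None, None

def analyze(raw, trusted="mac.com"):
    """Compare the claimed From domain with the envelope sender and relay host."""
    msg = message_from_string(raw)
    claimed = domain_of(msg["From"])
    bounce = domain_of(msg["Return-Path"])
    host, ip = external_handoff(msg, trusted)
    return {
        "claimed": claimed, "bounce": bounce, "relay": host, "relay_ip": ip,
        "envelope_mismatch": not within(bounce, claimed),
        "relay_mismatch": not within(host, claimed),
    }

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

Only the `Received:` line written by the recipient's own mail system is trustworthy here; everything below the hand-off hop is supplied by the sending host.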