Bangkok Diary Saturday 2 October 2010: Bogus emails Being Sent to iTunes App Store Users (Updated)
Beware if you have an iTunes account and a surprise bill turns up [or even those of you without an iTunes account - see below]. I saw a brief note earlier in the day on Macsimum News concerning bogus emails and have had one myself from the looks of things, but with a couple of oddities.
As luck (or bad code) would have it, the image did not load and whoever wrote the "alt" tag needs to attend my English classes. But then, none of the other receipts contain images of course as the main body. I began to roll the cursor over the links in the page and sure enough, instead of "phobos.apple.com" I was being asked to link to http://gmfachzh.info/ and I am not going there.
A closer look reveals a number of differences, in the header of the mail message: for example there is no Reply To line (even if the address Apple uses is firstname.lastname@example.org), while the message is from email@example.com when Apple uses the same firstname.lastname@example.org for its outgoing receipt mails.
A screen shot of the main body of the mail is below, including the little blue question mark for a failed image load - "Click here if you not see image" indeed. . . .
Additional Information

I have now had two more of these emails and the sender is the same in each case: "badger1402.apple.com" which is not the case in genuine mails with iTunes receipts. The source of the missing GIF file is "http://ax.phobos.apple.com.edgesuite.net/email/images_shared/header_invoicereceipt_l.gif" which is clearly not Apple and in the later emails that abbreviated URL is changed. Be on your guard.
Because of that email address, which is almost certainly false, I sent a note to Apple late Saturday.
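The checks described above (rolling the cursor over each link, looking at where the image is loaded from, noticing the missing Reply To line) can be run over a saved message automatically. The following is an added example, not part of the original post: the sample message is constructed from the details given above, the From address in it is made up, and treating apple.com as the expected domain is an assumption. A finding only means the host is not under apple.com and deserves a closer look.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "apple.com"  # assumption: domain genuine receipts link to
# Constructed sample modelled on the mail described above; the From address is made up.
SAMPLE = """\
From: iTunes Store <sender@badger1402.apple.com>
Content-Type: text/html; charset="utf-8"

<img src="http://ax.phobos.apple.com.edgesuite.net/email/images_shared/header_invoicereceipt_l.gif" alt="Click here if you not see image">
<a href="http://gmfachzh.info/">phobos.apple.com</a>
<a href="http://phobos.apple.com/receipt">View receipt</a>
"""

class Refs(HTMLParser):  # collects [tag, url, visible text or alt] for <a> and <img>
    def __init__(self):
        super().__init__()
        self.refs, self._a = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._a = ["a", a["href"], ""]
            self.refs.append(self._a)
        elif tag == "img" and a.get("src"):
            self.refs.append(["img", a["src"], a.get("alt") or ""])
    def handle_endtag(self, tag):
        self._a = None if tag == "a" else self._a
    def handle_data(self, data):
        if self._a is not None:
            self._a[2] += data

def in_domain(host, domain):  # True only for the domain itself or a real subdomain
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_receipt(raw):
    """Return findings for a raw message that claims to be an EXPECTED_DOMAIN receipt."""
    msg = message_from_string(raw)
    findings = [] if msg["Reply-To"] else ["no Reply-To header"]
    refs = Refs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for tag, url, text in refs.refs:
        host = urlparse(url).hostname or ""
        if not in_domain(host, EXPECTED_DOMAIN):
            findings.append(f"{tag} -> {host} (shown as {text.strip()!r})")
    return findings
```

Calling `check_receipt(SAMPLE)` returns three findings; the link whose visible text and destination both sit under apple.com is not reported.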