Dodgy itunes invoice

[D4N13L]

I have received a suspicous e-mail this morning from what looks like Apple.

It is an itunes invoice for £699. The e-mail it has come through to is not my registered e-mail with my itunes account. It doesn'y give a date it will take the funds or an account it will go from just reads "credit card"

It says it is for 1 item, a post card! Next to it has links to cancel order and report a problem. Hotmail filters have blocked the content and the links etc and i have not clicked on anything.

Looks like genuine apple invoice.

Has anyone had anything similar?

Should i just ignore it?

 

[bozothenutter]

ignore it.....sounds like spam/phising

 

[Revels]

Don't click it.

http://www.apple.com/support/itunes/contact/

 

[D4N13L]

Cheers for that revels i have reported it now. And no i haven't clicked on it.

 

[Rob]

Who is the email from? i.e actual address?

 

[NFox]

Who is the email from? i.e actual address?

Probably the address apple send there invoices from! Its relatively easy to send someone an email and have it look like it came from any email you want! Theres even an app for it, if you jail break your iPhone!

 

[Tom]

Probably the address apple send there invoices from! Its relatively easy to send someone an email and have it look like it came from any email you want! Theres even an app for it, if you jail break your iPhone!

Well thats not entirely true, its fairly easy to spot where its actually from.

 

[NFox]

Well thats not entirely true, its fairly easy to spot where its actually from.

Really? Would you mind telling me how as I did try myself to see if I could get beyond the fake mail and couldn't find a way?

 

[D4N13L]

According to my email it has come from store@itunes.com

 

[Tom]

Really? Would you mind telling me how as I did try myself to see if I could get beyond the fake mail and couldn't find a way?

Look in the header.

An example...

Thu, 23 Feb 2012 02:35:11 -0800 (PST)Received: by 10.236.124.2 with SMTP id 5555555; Thu, 23 Feb 2012 02:35:05 -0800 (PST)Return-Path: <jcward1964@hotmail.co.uk>Received: from debian.musicalisimo.net (host5.200-45-20.telecom.net.ar. [200.45.20.5]) by mx.google.com with ESMTP id l14si430919ank.12.2012.02.23.02.16.49; Thu, 23 Feb 2012 02:35:05 -0800 (PST)Received-SPF: softfail (google.com: domain of transitioning jcward1964@hotmail.co.uk does not designate 200.45.20.5 as permitted sender) client-ip=200.45.20.5;Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning jcward1964@hotmail.co.uk does not designate 200.45.20.5 as permitted sender) smtp.mail=jcward1964@hotmail.co.ukReceived: from www.musicalisimo.net (localhost [127.0.0.1]) by debian.musicalisimo.net (Postfix) with ESMTP id 5F44118FC1A; Sat, 18 Feb 2012 12:27:59 +0000 (UTC)Received: from 208.122.242.126 (SquirrelMail authenticated user viajes) by www.musicalisimo.net with HTTP; Sat, 18 Feb 2012 12:27:59 -0000 (UTC)Message-ID: <1580.208.122.242.126.1329568079.squirrel@www.musicalisimo.net>Date: Sat, 18 Feb 2012 12:27:59 -0000 (UTC)Subject: I wish to know if we can work together.From: "James Ward" <jcward1964@hotmail.co.uk>Reply-To: jcward196424@yahoo.co.ukUser-Agent: SquirrelMail/1.4.5 [CVS]MIME-Version: 1.0Content-Type: text/plain;charset=iso-8859-1Content-Transfer-Encoding: 8bitX-Priority: 3 (Normal)Importance: NormalTo: undisclosed-recipients:;Greetings,Do accept my apologies if my message does not meet your personal ethics. Iwant to introduce myself and this business opportunity to you. My names areJames Ward, a banker with Fin- Trust Bank Plc, here in UK.I wish to know if we can work together. I would like you to stand as thenext of kin to my deceased client who made some deposits to my bank worth£10.7 million GBP.(Ten Million Seven Hundred Thousand British PoundsSterling) .He died without any registered next of kin and as such the funds now have anopen beneficiary mandate. Fortunately, both of you have the same last nameso it will be very easy to make you become his official next of kin.If you are interested you do respond to me so that I can give youcomprehensive details on what we are to do, I urgently hope to get yourresponse as soon as possible.Best Regards,

 

[TheEvilGiraffe]

Weird.

For info, my latest App purchase receipt came from:

iTunes Store do_not_reply@itunes.com

Contact Apple and see what they say...

 

[Tom]

D4N13L What email provider do you use?​

 

[D4N13L]

This has come through to my hotmail account but my itunes account is a gmail account hence why i beleive it to be suspicous.

 

[Tom]

I'd delete it and move on with your life.

But before you do

Open the desired email in Windows Live Hotmail.
Click the down arrow next to Reply in the message's header area near the sender and subject.
Pick View message source from the menu.

Can you paste the header in here? ​

 

[D4N13L]

Is this what you mean

x-store-info:sbevkl2QZR7OXo7WID5ZcVBK1Phj2jX/
Authentication-Results: hotmail.com; sender-id=softfail (sender IP is 208.80.121.189) header.from=store@itunes.com; dkim=none header.d=itunes.com; x-hmca=fail
X-Message-Status: n:0:n
X-SID-PRA: iTunes <store@itunes.com>
X-SID-Result: SoftFail
X-DKIM-Result: None
X-AUTH-Result: FAIL
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0x
X-Message-Info: NhFq/7gR1vQWAeu/j5T71oRJiaujFpDDMfNhbJEmGOQRXJ5iqTf5bfFHUmDbVrT9aXVRipEDVTAC5gNQ8o//N4TQtkffXaUSpiMZiRBQ1nQf+V5IzZZ4Q2C9Occ3oUUN
Received: from ww3.gravitytexas.com ([208.80.121.189]) by BAY0-MC3-F33.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Wed, 22 Feb 2012 16:03:33 -0800
Received: (qmail 18065 invoked from network); 22 Feb 2012 19:03:24 -0500
Received: from adsl-074-164-218-170.sip.bhm.bellsouth.net (HELO IAM01) (74.164.218.170)
by ww3.gravitytexas.com with ESMTPA; 22 Feb 2012 19:03:16 -0500
From: "iTunes" <store@itunes.com>
Subject: Your receipt #162018637147048
To: "cook.daniel" <REMOVED>
Content-Type: multipart/alternative; boundary="wn5jAwGNcm359ur7xVvsMjywP1WKY921=_"
MIME-Version: 1.0
Organization: iTunes
Date: Wed, 22 Feb 2012 18:03:18 -0600
Return-Path: store@itunes.com
Message-ID: <BAY0-MC3-F33Xb0zrAX001c3826@BAY0-MC3-F33.Bay0.hotmail.com>
X-OriginalArrivalTime: 23 Feb 2012 00:03:33.0941 (UTC) FILETIME=[95650E50:01CCF1BE]

 

[Tom]

10,000% Scam. Delete it.

 

[D4N13L]

Thanks Tom.

 

[D4N13L]

Got a reply from Apple customer saying that it is definetley a scam e-mail and they wanted it forwarded to there phishing dept.

 

[Liquid yellow 182]

Someone at work got the same email. I didn't know him but he was talking to someone about it when I was sitting on the same table. sounded rather strange to me.