Fake Safety Alert Spam Message
Home Spam Reports Fake iTunes Receipt Email

Fake iTunes Receipt Email

by Brett M. Christensen

Outline

Emailed receipt, purporting to be from online music store iTunes, supposedly provides the recipient with information about a recent purchase. 

Brief Analysis

The email is not from iTunes. The purchase details included in the message are invalid. Links in the message open a spam pharmaceutical website that tries to entice visitors to enter their credit card details to purchase products.

Examples

From: iTunes Store Subject: Your receipt of purchase #156004140076

iTunes Spam Email 1

 

From: iTunes Store

Subject: Your receipt #434839824758

iTunes Spam Email 2

 

Detailed Analysis

Soon after a spate of spam emails purporting to be from social network LinkedIn began hitting inboxes, another spam campaign was launched that used the name of popular online music and entertainment store, iTunes. The iTunes spam emails are designed to resemble a genuine iTunes receipt message and include seemingly genuine iTunes graphics and formatting.

However, these “receipt” messages are fake and do not originate with iTunes. The supposed iTunes transaction listed on the message never took place. Links in many of the bogus message open an infamous Canadian pharmaceutical website long known for its illegal and reprehensible marketing tactics. Links in some versions of the spam messages point to a variety of other spam websites that include suspect “dating” sites and sites offering dubious forex services. 
In order to trick recipients into clicking links in the message, the supposed purchase price of several hundred dollars is considerably higher than one would expect for an item like the ones listed. Thus, iTunes account holders who receive the spam emails are more likely to follow the “report a problem” or “purchase history” links in the messages in an attempt to discover more details about the supposed transaction.

Many users who do follow one of the links in the belief that they are going to the official iTunes Store are instead taken to the bogus drugstore website. Some incarnations of this spam website have also been known to contain trojans or other malware. Thus, the intent of the spammers is to try to entice recipients into visiting the online drugstore site in the hope that they will attempt to purchase products, or in some cases, inadvertently infect their computers with malicious software. Dubious online drug sites such as these may also steal credit card and other information from users via bogus order forms. The “order form” on the pharmacy website included in these spam emails is not even a secure (https) page even though it asks for credit card details and other personal information. No legitimate online store would ask for credit card details via an unsecure form.

It should be noted that the real iTunes Store does send out receipt messages after a user has made a purchase. This is a normal and perfectly legitimate part of the company’s transaction procedure that will be familiar to many iTunes users. The spammers have capitalized on this user familiarity. If you receive what looks like an official iTunes message, check that the links do point to the iTunes website. If in doubt, do not click links in such emails. Instead, check your transaction record via the iTunes software or via the iTunes website.

Internet criminals have targeted iTunes users in the past. In May 2010, fake iTunes gift certificates that contained a trojan were being distributed.


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer