Emailed receipt, purporting to be from online music store iTunes, supposedly provides the recipient with information about a recent purchase.
The email is not from iTunes. The purchase details included in the message are invalid. Links in the message open a spam pharmaceutical website that tries to entice visitors to enter their credit card details to purchase products.
Soon after a spate of spam emails purporting to be from social network LinkedIn began hitting inboxes, another spam campaign was launched that used the name of popular online music and entertainment store, iTunes. The iTunes spam emails are designed to resemble a genuine iTunes receipt message and include seemingly genuine iTunes graphics and formatting.
However, these “receipt” messages are fake and do not originate with iTunes. The supposed iTunes transaction listed on the message never took place. Links in many of the bogus message open an infamous Canadian pharmaceutical website long known for its illegal and reprehensible marketing tactics. Links in some versions of the spam messages point to a variety of other spam websites that include suspect “dating” sites and sites offering dubious forex services.
In order to trick recipients into clicking links in the message, the supposed purchase price of several hundred dollars is considerably higher than one would expect for an item like the ones listed. Thus, iTunes account holders who receive the spam emails are more likely to follow the “report a problem” or “purchase history” links in the messages in an attempt to discover more details about the supposed transaction.
Many users who do follow one of the links in the belief that they are going to the official iTunes Store are instead taken to the bogus drugstore website. Some incarnations of this spam website have also been known to contain trojans or other malware. Thus, the intent of the spammers is to try to entice recipients into visiting the online drugstore site in the hope that they will attempt to purchase products, or in some cases, inadvertently infect their computers with malicious software. Dubious online drug sites such as these may also steal credit card and other information from users via bogus order forms. The “order form” on the pharmacy website included in these spam emails is not even a secure (https) page even though it asks for credit card details and other personal information. No legitimate online store would ask for credit card details via an unsecure form.
It should be noted that the real iTunes Store does send out receipt messages after a user has made a purchase. This is a normal and perfectly legitimate part of the company’s transaction procedure that will be familiar to many iTunes users. The spammers have capitalized on this user familiarity. If you receive what looks like an official iTunes message, check that the links do point to the iTunes website. If in doubt, do not click links in such emails. Instead, check your transaction record via the iTunes software or via the iTunes website.
Internet criminals have targeted iTunes users in the past. In May 2010, fake iTunes gift certificates that contained a trojan were being distributed.