Apple iTunes Store Order Receipt Refund Request Phishing Emails

Comments: 4
Views: 917
Save
Updated: Nov. 21, 2016 2016-11-21T11:42:31
Posted: Nov. 21, 2016 2016-11-21T11:32:31
Online Threat Alerts (OTA)

Apple customers are asked to be aware of fraudulent refund request email messages (see sample below), claiming that someone is trying to or have made purchases using their accounts. The fake email messages were sent by scammers to frighten and trick the recipients into clicking on the links within them by claiming they need to do so in order to cancel the purchases and get a refund. But, once the recipients click on the link, they will be taken to phishing website that steals personal, financial, and Apple credentials (usernames and passwords).

Therefore, Apple customers who have received email invoices appearing as if they were sent from Apple, should avoid clicking on the links in them. They should instead, sign directly into the iTunes Store on their iPhone, iPad, iPod touch, Mac, PC, or Apple TV and check their accounts.

A Sample of the Fraudulent Apple Store Refund Request Emails

From: "iTunes Store" ID-18998@store.apple.com
Subject: Order Receipt No. 31637629
Date: Mon, Nov 21, 2016 2:06 PM

Apple Store Refund Request #51925100.

We suspect that someone is trying to use your account. Confirm your personal and billing information in order to cancel the transaction above: I acknowledge that if I download this app within fourteen days of tapping, Buy I will no longer de eligible to cancel this purchase The subscription period will automatically renew unless you turn it off no longer than 24 hours before the end of the current period. To cancel auto-renewal or manage your subscriptions, click bellow and sign in.

https://support.apple.com/HT204030.

Case ID: #51925100

Sincerely,

Apple Support

Apple users who have been tricked by the fraudulent refund request email messages should change their Apple password and contact Apple Support for help.

Remember, the best protection against phishing scams is to avoid clicking on links in email messages, social media messages and text messages to sign into online accounts. Going directly to your online account’ service provider websites or using a legitimate app to sign into your online accounts will prevent you for falling victims to phishing scams that steal personal , financial and account credentials.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (0)
No (0)

Share this with others:

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

April 2, 2018 at 12:47 AM by an anonymous user from: Mt Morris, Michigan, United States
I got one that had the apple logo at the top.
the letter read...
"Dear User,
We are reviewing your recent order to be ready to ship to you. The payment has been received and below provide you details on order April 1, 2018 1109pm. (yet this popped in my email at 509pm on April 1st, 6 hours early?)
it said bill Summary (underlined so that I could click on it)
gave a TX number XXXXXXXX
Total amount due $107.91
Due date April 1, 2018 at 1109pm
If you have an issues with this orderer payment or want a refund...blah blah blah
Refund your order (again underlined to click) which I did and it asked for my apple id and password. it looked like an "official apple log in page". However in the past, when I purchased Apple storage for my low GB phone, I always got an invoice specifically telling me they were charging me and what it was for. So I did not enter my info bc why would they not tell me on the original email what the ebill was for?
Sure enough, I got home and went to my iTunes store and there is no pending purchase or recent charges.
BE ware.
remove
July 16, 2017 at 9:50 AM by info
Here is another scam:
From: Paymen.Agreement@Apple.com <Paymen.Agreement@Apple.com>
Sent: Sunday, July 16, 2017 4:01 AM
Subject: UNAUTHORIZED PAYMENT
Your Apple ID was used to sign in to iCloud website and make a payment via iTunes Store
Date and Time: 16 Juli 2017, 02:45 AM GMT
Location : Valencia, Carabobo, Venezuela
Browser : Mozila/50 (Macintosh; Intel Mac OS X 10_17_6)
Platform : MazOS
To cancel this purchase
Please,Download and read the attached You will find message & lnvoice ln Adobe Reader (PDF) format.
Thanks
Apple Support"
remove
April 16, 2017 at 4:08 PM by info
Here is another scam:
"Dear Customer,
Your Apple ID was used to sign in to iCloud website and make a payment via iTunes Store .
This is detail your activity :
Support team detect unauthorised person has accessed
your account and now your account access has been locked for security measures,
you must cancel this purchase from your Apple ID account page at:
Click Here
Thanks
Apple Support
Shop the Apple Online Store (0800 048 0408), visit an Apple Retail Store, or find a reseller. Apple Info Site Map Hot News RSS Feeds Contact Us
item : Space Qube
Order Number : HDH6YMK37
Order Total : $34.99
IP Address : 190.153.81.31 (31.81.153.190.net-uno.net)
Location : Valencia, Carabobo, Venezuela
Browser : Mozilla/5.0 (Macin..."
remove
April 16, 2017 at 4:05 PM by info
Here is another scam:
"From: Apple Store <norepluapapleyosdakfgr@quartzcopter.com>
Sent: April 16, 2017 7:15 AM
Subject: Confirmation Details For Oder HDH6YMK37.
Dear Costumer,
Thank you for the following product.
Product item: Space Qube
Order Number: HDH6YMK37
Order Total: $34.99
If you did not authorize this purchase, Read secure message by opening the attacment (PDF).
you will be prompted to open (view) the file or save (download) it to your computer.
for best results, save the file first, then open it in a Web browser.
Apple Support"
remove