Scam Email – Apple Purchase


Time for one more quick scam email warning for this year, as I’ve just had one claiming that a transaction was made by someone other than myself on my Apple account. Again, the signs of fakery are easy enough to spot, but when people are spending lots of money this time of year, it’s a timely warning to be vigilant.

Screenshot of scam emailing claiming that a payment was made from my Apple account by an unknown device, and that I need to click the link to get my money refunded.

Firstly, the sender of the email is shown as Apple, but clicking the name reveals the true From Address to be support@speedyrails.com. So already we know the email is a con, as it clearly has nothing to do with Apple whatsoever.

The From Address revealed when clicking on the Apple name in the scam email. The address is support at speedy rails dot com

The Subject Line says “Purchase Receipt”, which is innocent enough and designed to get your attention, especially if you don’t remember buying anything recently. Some scam emails like this can have much more urgent sounding subject lines though, to try and get your attention even more.

The Message is presented entirely as a clickable image. So there is no actual text in the email whatsoever, and anywhere you click on the image will take you to the link they want you to visit. It’s a sneaky tactic that I’ve seen used before.

The message calls itself a “Subscription Confirmation”, claiming that a purchase has been made for a 1 month subscription to InstaSize Photo Editor Premium for $89.99. It has the Apple logo at the top and bottom, along with today’s date, an order ID and a document number to try and make it look authentic. But there are various giveaways that it’s fake.

The body of the message embedded in the image reads:

This purchase was rewiewed by our system. An unknow device was used for this transaction. We assume that your account was used by someone else. You could cancel this payment within the next 48 hours to get your money refunded. You just need to follow the steps in the link below.

Notable issues with that text include the misspellings of “rewiewed” and “unknow”. And you “could” cancel the payment if you wanted to, rather than saying you “should”. As I said with the subject line, there isn’t quite as much urgency implied with the wording of this email as I’ve seen in some other cases.

If you look carefully at the email, you can also see that there’s a field for Apple ID near the top that has been left blank. This indicates that it’s based on a real Apple receipt, modified for the scammer’s purposes. But of course they haven’t included my Apple ID because they don’t know what it is. Apple always personalise their receipts, so my ID would be shown if it were genuine.

As for the claimed transaction, I’ve looked up the app in question – InstaSize Photo Editor and in the UK app store the ad-free version is only £1.99, with some other extras only £0.99. And on the Instasize website, their Premium offering is only $4.99, not $89.99.

So there is absolutely no reason to believe the email is genuine, and no reason to click on the image. Hovering over the image shows that clicking anywhere on it will take you to:

https://*clique.cliquenasaude.com.br/wp/images/google.com.*png

Screenshot from Apple scam email, showing the address that the clickable image is pointing to, at cliquenasuade dot com, which clearly has nothing to do with Apple.

I’ve added asterisks because the address appears to be for an image, and WordPress would try to render it automatically if I left the address unaltered. I haven’t visited the real link, and you shouldn’t either. Just because it has a .png extension does not mean it’s an image, it could be anything. But if you look at the address, it’s clearly got nothing to do with Apple anyway.

And the image that’s embedded in the email itself is sourced from the following non-Apple address (again with asterisks added here for safety):

https://*4.bp.blogspot.com/-KQk0FD98xhQ/XgslpVJQFXI/AAAAAAAAAL0/OdlxNXl6mPssnZg-Ac1xLBIuiveqNvqCgCLcBGAsYHQ/s1600/yahoo%2B-%2BCopie.*png

And that’s basically it. A very simple email designed to catch people out in the new year. If you ever get a message like this, claiming that you’ve spent money on something you haven’t, remember to never click on any links in the email itself. Go to the official website of the company in question via your own bookmarks or Google, and contact them that way if you have any concerns. Stay safe and vigilant as always!

Author: Glen

Love London, love a laugh, love life. Visually impaired blogger & Youtuber with aniridia & nystagmus, posting about my experiences & adventures.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.