Time for one more quick scam email warning for this year, as I’ve just had one claiming that a transaction was made by someone other than myself on my Apple account. Again, the signs of fakery are easy enough to spot, but when people are spending lots of money this time of year, it’s a timely warning to be vigilant.
Firstly, the sender of the email is shown as Apple, but clicking the name reveals the true From Address to be firstname.lastname@example.org. So already we know the email is a con, as it clearly has nothing to do with Apple whatsoever.
The Subject Line says “Purchase Receipt”, which is innocent enough and designed to get your attention, especially if you don’t remember buying anything recently. Some scam emails like this can have much more urgent-sounding subject lines though, to try and get your attention even more.
The Message is presented entirely as a clickable image. So there is no actual text in the email whatsoever, and anywhere you click on the image will take you to the link they want you to visit. It’s a sneaky tactic that I’ve seen used before.
The message calls itself a “Subscription Confirmation”, claiming that a purchase has been made for a 1 month subscription to InstaSize Photo Editor Premium for $89.99. It has the Apple logo at the top and bottom, along with today’s date, an order ID and a document number to try and make it look authentic. But there are various giveaways that it’s fake.
The body of the message embedded in the image reads:
This purchase was rewiewed by our system. An unknow device was used for this transaction. We assume that your account was used by someone else. You could cancel this payment within the next 48 hours to get your money refunded. You just need to follow the steps in the link below.
Notable issues with that text include the misspellings of “rewiewed” and “unknow”. And you “could” cancel the payment if you wanted to, rather than saying you “should”. As I said with the subject line, there isn’t quite as much urgency implied with the wording of this email as I’ve seen in some other cases.
If you look carefully at the email, you can also see that there’s a field for Apple ID near the top that has been left blank. This indicates that it’s based on a real Apple receipt, modified for the scammer’s purposes. But of course they haven’t included my Apple ID because they don’t know what it is. Apple always personalise their receipts, so my ID would be shown if it were genuine.
As for the claimed transaction, I’ve looked up the app in question, InstaSize Photo Editor, and in the UK App Store the ad-free version is only £1.99, with some other extras only £0.99. And on the Instasize website, their Premium offering is only $4.99, not $89.99.
So there is absolutely no reason to believe the email is genuine, and no reason to click on the image. Hovering over the image shows that clicking anywhere on it will take you to:
I’ve added asterisks because the address appears to be for an image, and WordPress would try to render it automatically if I left the address unaltered. I haven’t visited the real link, and you shouldn’t either. Just because it has a .png extension does not mean it’s an image; it could be anything. But if you look at the address, it’s clearly got nothing to do with Apple anyway.
And the image that’s embedded in the email itself is sourced from the following non-Apple address (again with asterisks added here for safety):
And that’s basically it. A very simple email designed to catch people out in the new year. If you ever get a message like this, claiming that you’ve spent money on something you haven’t, remember to never click on any links in the email itself. Go to the official website of the company in question via your own bookmarks or Google, and contact them that way if you have any concerns. Stay safe and vigilant as always!
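The signs walked through in this post (a display name that says Apple over a non-Apple address, a body that is nothing but a linked image, and link and image hosts unrelated to Apple) can also be checked automatically by a mail filter. The Python code below is an added example, not part of the original post; the sample message, its `example.net` hosts, the `check_message` function and the choice of `apple.com` as the legitimate domain are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every address and host is a placeholder.
SAMPLE = """\
From: Apple <firstname.lastname@example.org>
Subject: Purchase Receipt
Content-Type: text/html; charset=utf-8

<html><body><a href="http://files.example.net/receipt.png"><img src="http://img.example.net/body.png"></a></body></html>
"""

class BodyScan(HTMLParser):
    # Collects link targets, image sources and visible text.
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], [], ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
    def handle_data(self, data):
        self.text += data.strip()

def on_domain(host, domain):
    # True for the domain itself or any subdomain of it.
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand="apple", brand_domain="apple.com"):
    # brand_domain is an assumption: the domain genuine mail is expected to use.
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    findings = []
    if brand in name.lower() and not on_domain(addr.rpartition("@")[2], brand_domain):
        findings.append("display name claims brand, address does not")
    body = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(body.get_content() if body else "")
    if scan.images and not scan.text:
        findings.append("body is an image with no text")
    for url in scan.links + scan.images:
        if not on_domain(urlparse(url).hostname, brand_domain):
            findings.append("off-brand URL: " + url)
    return findings
```

Calling `check_message(SAMPLE)` returns four findings for the constructed message: the sender mismatch, the image-only body, and one off-brand URL each for the link and the embedded image.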