Scam Alert: Fake Email Pretending To Be From Apple.

UPDATE:
The DNS registration information was changed on 2011-05-19, also noted by a reader.

Domain Name: APPLESDOWNLOAD.COM
Registrar: ELB GROUP, INC.
Whois Server: whois.retailstudio.com
Referral URL: http://www.retailstudio.com
Name Server: NS1.QUCKBO.RU
Name Server: NS2.QUCKBO.RU
Name Server: NS3.QUCKBO.RU
Name Server: NS4.QUCKBO.RU
Status: clientTransferProhibited
Updated Date: 19-may-2011
Creation Date: 14-mar-2011
Expiration Date: 14-mar-2012

>>> Last update of whois database: Thu, 19 May 2011 20:15:58 UTC <<<

Whois info as of 2011-05-19

Domain Name: APPLESDOWNLOAD.COM

Registrant:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012

Domain servers in listed order:
ns1.quckbo.ru
ns2.quckbo.ru
ns3.quckbo.ru
ns4.quckbo.ru

Administrative Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Technical Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Billing Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Status:LOCKED

——-

A reader sent in a screenshot of an email pretending to be from Apple.

All clicks lead to: http://tariacuri.crefal.edu.mx/dweb/images/smilies/index.php which redirects to applesdownload.com.
It is likely that tariacuri.crefal.edu.mx site has been compromised.

applesdownload.com whois info:

Domain Name: APPLESDOWNLOAD.COM

Registrant:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012

Domain servers in listed order:
ns1.thejobrano.com
ns2.thejobrano.com

Administrative Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Technical Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Billing Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Status:LOCKED

The site is currently still up.

This is not the first time such email pretending to come from Apple.

90403

4 Replies to “Scam Alert: Fake Email Pretending To Be From Apple.”

I also got this email this morning. At first was shocked that Adobe had discounted the software to $329 that we had just paid over $1300 for.

Then with the sender’s email address and unfamiliar web address, I figured out it was a scam. Did this just start going out today?

Just got the same email and thought it was real! Was about to forward to a friend when I noticed a wierd code in the subject line. That’s when I had a closer look at the sender info, Apple- [elefabrujygyzdarobu@live.ru]. So then went to Adobe’s site and saw the real prices. Oh well it was nice to dream for a little.

Might be even more interesting. 10:30 EDT 19 May

Domain Name: APPLESDOWNLOAD.COM

Registrant:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012

Domain servers in listed order:
ns1.thejobrano.com
ns2.thejobrano.com

Administrative Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Technical Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Billing Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.

вот это жопа, надо будет наказать. Или на каторгу сослать.

Comments are closed.

© 37prime, 2006-2024. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to 37prime and content authors with appropriate and specific direction to the original content.

In the spirit of transparency, in contradiction to the site tagline, no we are not using the so called “A.I.” to write contents for this site.

One more thing… we love sarcasm and satire. We do have a failed comedian in our team.