Apple email phishing scam?

[nightmarevoid]

I just received an email from something that claims to be Apple about a charge for $55.99 for PUBG coins on an account I barely remember making back when I needed one for work. I damn-near threw up when I saw how much money some poor hacker was wasting on a phone game. Anyways, it doesn't actually say what the account name is or give a transaction ID, and the notice/receipt came as a PDF which I've never experienced before. I'm fairly certain the link in the email is fraudulent and wants to steal muh info. Has anyone else gotten this, or can at least confirm that this is what an apple recipe looks like? (As void of features, info, and end user freedom as their products). I haven't gotten a charge yet to any of my accounts by the way.

[Speed Weed]

Why do you download and open suspicious file attachment? This is one way to get your device infected. 

[H20Burner]

1 minute ago, nightmarevoid said:

I just received an email from something that claims to be Apple about a charge for $55.99 for PUBG coins on an account I barely remember making back when I needed one for work. I damn-near threw up when I saw how much money some poor hacker was wasting on a phone game. Anyways, it doesn't actually say what the account name is or give a transaction ID, and the notice/receipt came as a PDF which I've never experienced before. I'm fairly certain the link in the email is fraudulent and wants to steal muh info. Has anyone else gotten this, or can at least confirm that this is what an apple recipe looks like? (As void of features, info, and end user freedom as their products). I haven't gotten a charge yet to any of my accounts by the way.

I went to appleid.apple.com and went to a apple site.

[nightmarevoid]

1 minute ago, DaPhuc said:

Why do you download and open suspicious file attachment? This is one way to get your device infected. 

DaPhuc you talking about? I didn't actually download it.

[H20Burner]

Just now, nightmarevoid said:

DaPhuc you talking about? I didn't actually download it.

Google will give previews before downloading

 

[nightmarevoid]

1 minute ago, H20Burner said:

I went to appleid.apple.com and went to a apple site.

It looked like an apple site to me too, but there's so little real info in the PDF or email that it's just rubbing me the wrong way. IDK maybe I'm being paranoid.

[Speed Weed]

Just now, nightmarevoid said:

DaPhuc you talking about? I didn't actually download it.

You open that attachment, which is the same as download. 

[H20Burner]

Just now, DaPhuc said:

You open that attachment, which is the same as download. 

Dude downloading won't do jack shit. Downloading and opening might.

[DrMacintosh]

Apple does not email attachments and Apple does not warn you about purchases, you validate everything so you will never get a "unusual" activity message. Nor do they tell you your IP or the browser that was used. 

[Speed Weed]

1 minute ago, H20Burner said:

Dude downloading won't do jack shit. Downloading and opening might.

Hackers are more clever than that boi. You can get infected by download an app or attachment. Android is like Windows which is not always secure like IOS. You underestimate hackers, it will going to cost you a big consequent. 

[H20Burner]

1 minute ago, DaPhuc said:

Hackers are more clever than that boi. You can get infected by download an app or attachment. Android is like Windows which is not always secure like IOS. 

By downloading a app I think you mean when you hit download on a app in  the appstore which would automaticly install so yes. Still by downloading shit you won't get infected by just leaving it there. Heres a example. I download a new malware sample. I unextract it, I leave it there. Nothing happens until I actually run it. 

 

3 minutes ago, DrMacintosh said:

Apple does not email attachments and Apple does not warn you about purchases, you validate everything so you will never get a "unusual" activity message. 

Tru I was skeptic that apple doesn't do appleid. stuff. They usually never put anything before apple.

[Speed Weed]

Just now, H20Burner said:

By downloading a app I think you mean when you hit download on a app in  the appstore which would automaticly install so yes. Still by downloading shit you won't get infected by just leaving it there. Heres a example. I download a new malware sample. I unextract it, I leave it there. Nothing happens until I actually run it. 

  

Tru I was skeptic that apple doesn't do appleid. stuff. They usually never put anything before apple.

Ever heard of auto run malware? Malware that is automatically run when you finish download the app. 

[iLostMyXbox21]

6 minutes ago, DaPhuc said:

Hackers are more clever than that boi. You can get infected by download an app or attachment. Android is like Windows which is not always secure like IOS. You underestimate hackers, it will going to cost you a big consequent. 

i have to disagree, it is safe to download anything, but it will not run the scripts until you start the application, this is because if every program / file you download starts running automatically, your ram usage would be off the charts and your computer would be lagging like hell

 

edit: thats just from my experiences though

[DrMacintosh]

Going by the grammar I would say these are typical Indian tech scammers, just report the email and move on. 

[iLostMyXbox21]

1 minute ago, DrMacintosh said:

Going by the grammar I would say these are typical Indian tech scammers, just report the email and move on. 

i read that in an “indian tech scammer” voice, it seems like it lel

[nightmarevoid]

Update! I went straight to Apple's website and tried to log in to my account. It turns out past me was smarter than I give him credit for, and deactivated the account as well as removed all payment options after leaving his old job. Good job old me! Anyways, this means there's no way an apple ID associated with my old hotmail account (cuz I'm a contrarian that uses the same email for my apple and microsoft ID) could have been used to buy $55.99 in PUBG coins. I changed the password and will enable two step verification just to be safe. 

 

This was definitely some kind of phishing scam, and considering they were able to pull it off so convincingly they are probably able to do stuff like hide viruses in the raw code of a PDF. DaPhuc knows what he's Phucing talking about, it is possible to hide viruses so they activate when a PDF is opened. That being said, I do trust Google to filter viruses and such out when i just open a file without downloading it. Thank you all for your help!  I hope anyone else who has gotten this email find this thread useful.

[Canada EH]

43 minutes ago, H20Burner said:

Dude downloading won't do jack shit. Downloading and opening might.

You mention downloading wont do anything, yet you also mention downloading might, as well as opening might

 

 

36 minutes ago, DaPhuc said:

Ever heard of auto run malware? Malware that is automatically run when you finish download the app. 

Yeah them hackers can put viruses even in images that you hover over.

35 minutes ago, DrMacintosh said:

Going by the grammar I would say these are typical Indian tech scammers, just report the email and move on. 

You are right, thats the first tell a tale sign, either an accent on the phone or bad engrish.

[H20Burner]

16 minutes ago, Canada EH said:

You mention downloading wont do anything, yet you also mention downloading might, as well as opening might

 

 

Yeah them hackers can put viruses even in images that you hover over.

You are right, thats the first tell a tale sign, either an accent on the phone or bad engrish.

I said Downloading AND opening. You can  download but you still have to open....

[Canada EH]

7 minutes ago, H20Burner said:

I said Downloading AND opening. You can  download but you still have to open.... 

I would not even risk it, because the hackers are sneaky like that, but that is just me.

The thing I do with those is report them as phishing and delete it, then block the email address.

Then if you really want to you can just call up who ever they are trying to imitate by going to their official website on a clean search and go from there, companies like Apple, Credit Card Co's, Banks but any official communication for them is never done the way phishing scams are done.

 

I know the hackers can make a bogus site look official, but I dont know if they can scam their way around the secure symbol on the web address area or even the https:// secure.

[H20Burner]

1 minute ago, Canada EH said:

I would not even risk it, because the hackers are sneaky like that, but that is just me.

The thing I do with those is report them as phishing and delete it, then block the email address.

Then if you really want to you can just call up who ever they are trying to imitate, Apple, Credit Card Co., Bank but any official communication for them is never done the way phishing scams are done.

Tru. Heres a rule of thumb. Always go to the actual site and never hit links on a suspicious email. 

[Canada EH]

Just now, H20Burner said:

Tru. Heres a rule of thumb. Always go to the actual site and never hit links on a suspicious email. 

Well of course. Never do nothing with the email except delete it, report it, and blacklist it. They can just come back with another email address. I have a few email addresses, one I use as junk, one personal for family and friends, one personal for companies I am engaged with like banks, credit cards, stores, institutions and others, of course business emails. I do need to get rid of my junk email and start a fresh new junk email.

[LamoidZombieDog]

oh yeah, i know someone who got sent an email from Fake apple saying they needed to update their payment information.

[mrchow19910319]

received this kind of email before. before you do anything, consult apple 1st... 

[nightmarevoid]

Thanks for the tips! I didn't know you could representation phishing to apple. I think I'll have to because these guys are persistent. I just got another email today for a supposed Fifa purchase. I'm starting to feel bad for them. Should I make some fake email addresses and send those to them so they have something to do? :C

 

[AbsoluteFool]

On 10/24/2018 at 10:51 PM, nightmarevoid said:

I just received an email from something that claims to be Apple about a charge for $55.99 for PUBG coins on an account I barely remember making back when I needed one for work. I damn-near threw up when I saw how much money some poor hacker was wasting on a phone game. Anyways, it doesn't actually say what the account name is or give a transaction ID, and the notice/receipt came as a PDF which I've never experienced before. I'm fairly certain the link in the email is fraudulent and wants to steal muh info. Has anyone else gotten this, or can at least confirm that this is what an apple recipe looks like? (As void of features, info, and end user freedom as their products). I haven't gotten a charge yet to any of my accounts by the way.

I get these aswell. You know what the funny thing is? I don't even own a Apple accout or anything that has to do with Apple. It's a simple Phishing email. Just delete it.