Phishing for customers

I don't like spam. I receive a lot of it, and I despise it. I see it as theft. My bandwidth and time are being used without my permission. Spammers steal bandwith and internet access in order to deliver their crap to my inbox. I don't want it and I don't like it. I report spam to ISP's, upstream providers, the FTC, and any reporting agency that I feel is appropriate, based on the content of the spam. Spam will not go away by processing it with the delete key! You have to fight it!

Here's one example of how spammers are attempting to steal your identity and money - (taken from Phishing - In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.[2] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Not long after (on the 30th of July, 2008) Apple introduced/launched their new MobileMe service (MobilMe was an updated version of it's .Mac services (iTools before that), now retired/transitioned to the iCloud service), I started receiving some rather sophisticated phishing emails from a spammer. I received the first at appx 0722AM (MDT). At first, I thought that it might be a valid email from Apple. It was addressed to my email address (which doesn't get much spam), and it didn't contain the usual slew of gramar and spelling errors. Still, the email contained some subtle hints that it might not be legitimate. So, I examined the source of the email message before clicking on any links or loading any images.

As soon as I started examining the email header, I realized that this was the work of some skum-sucking spammer. The IP address/domain of were definitely not the sort that would send an email from While the image links pointed back to, the fact that they were hijacking/using Apples bandwidth to deliver legitimate images isn't all that unusual. Then there was the URL hidden behind the 'update' link. The email displayed an 'update' link of:

"update your billing information today by clicking here ,"

Notice the space between the word here and the comma? A legitimate email is unlikely to contain this sort of punctuation error. After examining the source code behind the body of the email, the destination URL was revealed to be: <a href="">clicking here</a> Clearly this is not an destination. Anyone clicking on this link is re-directed to the spammers forged web site.

If you'd like to see the full source code of the email, I've linked it to my website: <> The From: address of the email was a address, the Return-Path: address led back to the email host that the spammer used to send the email, and the To: address was my address. In the text file referenced here, I've changed all the email addresses to <>. Why? Because otherwise, some spammer spider (web scraping bot) will find the file, and scrape the email addresses off the document. The domain '' is a specially reserved domain used to test websites and email services. Any email to that domain ends up in a bit bucket. It doesn't generate any bounce, doesn't clog someones inbox, doesn't get processed, etc. It's an internet dead-end.

If you'd like to see what the email looked like in my inbox (after loading the images - By the way, don't load the images from an email until you know (and trust) the source of the images), I've linked it to my website: <>. Once again, I redacted (masked) the email addresses, so some spammer can't scrape the email addresses. The email sure looks like a legitimate Apple email. Especially once you load the images.

While Apple is experience a surge of new users, many of those users are young and inexperienced with the Apple brand. They may be teenagers, or first time computer users. Perhaps they're unfamiliar with the way an Apple email should look. Perhaps they're not that experienced when it comes to phishing scams. After all, spammers, scammers, and phishers typically avoid the Apple brand. Apple is very aggressive in the protection of it's image/brand, and this sort of email will likely come to the attention of Apple's stable of lawyers. Watch out spammer! Apple might come after you with a vengence (personally, I hope they do). If they don't it will only embolden other spammers and their ilk.

If you're one of the customers I described above, you might click the link thinking 'Hey, what's up? My credit card is good, why am I getting this email? - I better straighten this out ASAP!'. I know that I was concerned (at first). I'd made some purchases recently, and I even used a different credit card than I normally use. Clicking on the link takes the unwary (I used an anonymous proxy to check out the web site) to the spammers lair. Laying in wait was a highly sophisticated web site. It looked just like an Apple web site, and it was asking me to enter my credit card info and other personal data in order to 'Update my Billing Info'.

If you'd like to see what the web site looked like (without risking a visit to the spammer's website), I've linked it to my website: <>. Both this image, and the one referenced above were shrunken down and modified to take up a little less room on my server. Otherwise, they are unaltered (excepted as noted above) as they appeared on the 30th of July, 2008.

As I mentioned earlier, I reported this spam. I reported it to the email web hosting providers associated with the phishing attempt. Within an hour and four minutes, the spammer's web site was shut down. How do I know? Because I received a second spam an hour and four minutes later. The same subject, same web site, same sender, etc. I checked the spammers website (using an annonymous proxy), and the web host had put up a banner that declared "This Account Has Been Suspended", "Please contact the billing/support department as soon as possible." Hopefully the spammer is stupid enough to contact the billing/support department. I hope they nab this scammer!

What's the point? - Two points. One: Don't get fooled by the Scammers, Spammers and Phishers. They're out there. They want your money, they want your identity, they'll do whatever it takes to get it. The annonymity of the internet makes thieves brave. Those who wouldn't dare confront you physically now have a way to assault you digitally. Be vigilant - If it smells like spam, don't click it. Examine the source, if it's spam, report it. Second point: Reporting spam works. By reporting this spammer, I got his web site shut down (or so I'm claiming! - Victory for me). My spam fighting efforts aren't going completely unnoticed. The web host was alerted to this illegal activity, and they acted in a responsible manner. They shut it down. Hopefully nobody got their bank account emptied by this scammer. If the web host is savy enough, and the spammer stupid enough, the authorities will be alerted, and one more spammer will find himself behind bars instead of behind the saftey of an annonymous email account.


History: This article/page was originally written back in 2008. When 'Phishing' was fairly innocuous, obvious, and uncommon. Now (in Nov of 2017), it's the secondmost common form of spam seen in my inbox (apparently adult dating/porn is still more lucrative), and it's growing in sophistication. Many of the phishing scams/emails I see today are just as sophisticated as the one I wrote about back in 2008, some are more sophisticated, and the take from these schemes is quite high (It's a multi-million dollar business). Man-in-the middle attacks, link manipulation, and poor certificate breaches are making online commerce a risky proposition.

Stay vigilant - Stay Safe: Don't click on the links in unsolicited email; use 'two-factor' authentication whenever possible; keep your OS up to date (to patch security vulnerabilities) and you should be suspicious of any email that asks for any personal information/details. Even an email that seems to be benevolent and helpful can be dangerous: A seemingly benevolent email: "I'd like to help you improve your website" might be delivered with a hidden agenda - Trying to get you to insert code (into your website) or somehow redirect visitors to a site with malicious code or one that collects user information.


Return to my Junk/Spam declaration page.
Author: Robert L. Vaessen e-mail:
Originally created: 30 Jul, 2008 - Last Updated: 19 Nov, 2017