Muschamp Rd

Frickin’ Russians

September 19th, 2013

I just got an email that looked like it came from Apple. It looked like I or someone pretending to be me had changed some settings on my AppleID, something that is entirely possible given I’ve had to reset my password many times and I just downloaded several major updates from Apple yesterday. But was it a real email from Apple? No, it was a phishing exercise from Russia.

Nothing good ever comes from mail.ru, and I know Russians; this email comes from p-online.ru, whatever that is. Here is the email with complete Internet headers. Don’t get fooled by this, Apple fans.

From ???@??? Thu Sep 19 16:42:37 2013
Return-path: <www@p-online.ru>
Envelope-to: andrew@muschamp.ca
Delivery-date: Thu, 19 Sep 2013 19:26:44 -0400
Received: from [81.222.197.4] (helo=p-online.ru)
	by 01-ah-r29u34-ss30.alphahosting.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.72)
	(envelope-from <www@p-online.ru>)
	id 1VMncR-0004JC-Rg
	for andrew@muschamp.ca; Thu, 19 Sep 2013 19:26:44 -0400
Received: from www by p-online.ru with local (Exim 4.69 (FreeBSD))
	(envelope-from <www@p-online.ru>)
	id 1VMnj1-0002qO-U0
	for andrew@muschamp.ca; Fri, 20 Sep 2013 03:33:31 +0400
Date: Fri, 20 Sep 2013 03:33:31 +0400
To: andrew@muschamp.ca
From: AppIe <support@appleid.ca>
Reply-To: 
Subject: Notice of Update
Message-ID: <87ae73273e7472d3f674d9df50fb1645@rock-festival.ru>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
Sender: World Wide Web Owner <www@p-online.ru>

[	This message was sent as HTML. The text you see here was	]
[	generated by Mailsmith; the original HTML is available as	]
[	an enclosure.												]

Hello,

The following information for your ID was updated :

   Account informations

If these changes were made in error, or if you believe an unauthorized person 
accessed your account, please reset your account information immediately 
by going to update.appIe.com <http://appleid.abaclia.vox.md/apple.com>.

This is an automated message. Please do not reply to this email. 

Thanks,
Apple Customer Support
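
The mismatches in the headers above can be checked mechanically. The following is an added example, not code from the original post: it parses a constructed subset of the quoted message and reports where the sending system's headers, the display name and the link target disagree with what the mail claims to be. The function names and the `brand` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: a subset of the headers and body line quoted in the post.
SAMPLE = """\
Return-path: <www@p-online.ru>
From: AppIe <support@appleid.ca>
Message-ID: <87ae73273e7472d3f674d9df50fb1645@rock-festival.ru>
Sender: World Wide Web Owner <www@p-online.ru>
Subject: Notice of Update

by going to update.appIe.com <http://appleid.abaclia.vox.md/apple.com>.
"""

def domain(value):
    """Lower-cased domain part of an address header or Message-ID."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw, brand="apple"):
    """Return a list of mismatches between what the mail claims and its headers."""
    msg = message_from_string(raw)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain(msg["From"])
    found = []
    # Headers set by the sending system should agree with the visible From.
    for header in ("Return-path", "Sender", "Message-ID"):
        dom = domain(msg[header])
        if dom and dom != from_dom:
            found.append(f"{header} domain {dom} != From domain {from_dom}")
    # Display name that only reads as the brand after undoing an I-for-l swap.
    if name.lower() != brand and name.replace("I", "l").lower() == brand:
        found.append(f"display name {name!r} imitates {brand!r}")
    # Mailsmith-style "text <url>" links: visible host vs. real target host.
    for text, url in re.findall(r"(\S+) <(https?://[^>\s]+)>", msg.get_payload()):
        host = urlsplit(url).hostname
        if text.lower() != host:
            found.append(f"link text {text} points to {host}")
    return found

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print(line)
```

A header mismatch alone is common in legitimate bulk mail sent through third parties; the combination with a lookalike display name and a link whose visible text differs from its target is what marks this message.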

Posts on Muskblog © Andrew "Muskie" McKay comments not necessarily so...