I have never bought a gift certificate from iTunes, so I was fascinated when I read an email, allegedly from iTunes, informing me of a purchase of a $50 iTunes gift certificate.
It was strange because the email was sent to my personal ISP email address via Outlook Express, which I have rarely even used for more than two years. The email came from “iTunes Store” (firstname.lastname@example.org), which looks quite believable because of the itunes.com domain.
The email reads,
You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.
Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
The email is really very informal, so in other words it’s fishy (see attached screenshot of the email below).
Again, my curiosity got the better of me, so I tried to download the attachments, but this was blocked by my Win XP2 OS, so I didn’t pursue the idea.
“Windows normally blocks suspicious emails if your program is running in a strong security mode.”
Most files that contain script or code that could run without your permission will be blocked e.g., files with extensions ending in .exe, .bat, and .js.
The file attached to the email is in .zip format, so it’s likely that the hidden file, which could be an executable (as most malware is), was compressed into a zip file for easier distribution.
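To illustrate why an extension block on the attachment name alone misses a zipped executable, here is an added example (not part of the original post) that lists the members of zip attachments without extracting them and flags the file types mentioned above. The sample message, file names and the extra extensions beyond .exe, .bat and .js are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .exe, .bat and .js are the extensions named in the post; the rest are
# assumed additions commonly treated as executable on Windows.
RISKY_EXTENSIONS = {".exe", ".bat", ".js", ".scr", ".cmd", ".vbs"}


def risky(name):
    """True if the final extension of a file name is on the risky list."""
    dot = name.rfind(".")
    return dot != -1 and name[dot:].lower() in RISKY_EXTENSIONS


def scan_attachments(raw_email):
    """Return (attachment, member) pairs; member is None for the attachment itself."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        if risky(filename):
            findings.append((filename, None))
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            # namelist() reads only the central directory; nothing is unpacked or run.
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                findings += [(filename, m) for m in archive.namelist() if risky(m)]
    return findings


def build_sample_email():
    """Constructed sample: a zip holding harmless text files, one named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("certificate_code.exe", "placeholder text, not a real program")
        archive.writestr("readme.txt", "constructed sample")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample message"
    msg.set_content("You can find your certificate code in attachment below.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="certificate.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in scan_attachments(build_sample_email()):
        print(f"{attachment}: {member or 'attachment itself'} has a blocked-type extension")
```

The attachment name certificate.zip passes the extension check by itself; only the member listing reveals the .exe inside.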
It’s good, however, that Windows was able to detect the malicious file before it was even downloaded. In Yahoo, as I’ve experienced before, although they scan attachments prior to download using Norton, the malware attached to the Facebook password reset confirmation email that I posted about was not detected until a few days later.
Another lesson learned so far: always check the veracity of an email before downloading any attachment, and if it looks suspicious, delete it right away. End of story.
Got something similar to share? Let’s talk about it in the comments section.