iTunes Gift Certificate Hoax Email

by on 05/11/2010 in Scams & Hoaxes, Security

iTunes Gift Card HoaxI received an email from iTunes late last night claiming that I have received an iTunes Gift Certificate worth $50.00. The email instructed me to open an attached file to access a certificate code. Do not open this attachment!

I opened the attachment on my test machine to see what it was. My security tools identified the Trojan immediately.

The email is a hoax and it doesn’t contain any iTunes Gift Certificate. The criminals behind the email are trying to fool recipients into opening the attached file. Those who open the attachment will install a malicious Trojan that can give hackers access to their computers.

Example email:

Subject: Thank you for buying iTunes Gift Certificate!

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

If you open the attachment you will not find a certificate code. Unfortunately, many users will take the bait and open the attachment. Once the attachment is opened he or she will inadvertently launch a malicious application that can install a Trojan. Once installed, this Trojan can then modify the Windows registry, potentially give hackers access to the infected computer by connecting to a remote server, and download and install even more Malware components.

E-mail messages that are related to this threat may contain the following files:

iTunes_certificate_197.zip
iTunes_certificate_147.exe

This tactic is often used to lure victims in believing they won something or they’re receiving a free gift. Internet Criminals will use logos and other content from the legitimate site in hopes that their victims will fall for the bait.

45 Responses to “iTunes Gift Certificate Hoax Email”

  1. Andrew@BloggingGuide

    May 13th, 2010

    Hackers are now taking advantage of people’s weakness for free things.

    • Colby

      May 28th, 2010

      Just got the email as well.

      Gift_Certificate_651.zip

      • Frank Jovine

        May 28th, 2010

        Colby,

        I hope you deleted it! :)

  2. Esther

    May 26th, 2010

    Just received two of these!
    I hate these people!
    Can I send it to a spoof@ email address?

    • Frank Jovine

      May 26th, 2010

      Esther,

      I would not reply to the spoof email or your email may find its way on other spam lists.

  3. Jarrod

    May 26th, 2010

    I got this one today but it contained the following file;
    Gift_Certificate_131.zip

    Some people are going to get caught out by this one I think, not because they are stupid but because people see FREE and $50 and think WOW!

    Reply address gives it away though, mine was reply to enticings7@AtlanticDevelopmentGroup.com and was sent from account@itunes.com

    • Frank Jovine

      May 26th, 2010

      Jarrod,

      Nice catch and I agree with you as some people will get fooled with this scam.

  4. Mike oconnor

    May 26th, 2010

    I just got the same email, the criminals are good, when you click on reply it shows the email address as iTunes On
    online.shop@itunes.com

    • Frank Jovine

      May 26th, 2010

      They’re getting smarter, because us users are getting smarter.

  5. Hank

    May 26th, 2010

    I just received that email and it just didn’t ring true, so I googled it and sure enough….and yes a lot of folks will get fooled.

  6. Kim Faulkner

    May 26th, 2010

    I just received one and thought it looked suspicious so scanned it – but Microsoft Security Essentials said it was OK! Just as well I Googled it ….

    • Frank Jovine

      May 26th, 2010

      Kim,

      Good move to take it one step further!

  7. Bill Brunelle

    May 26th, 2010

    I just got one of these emails too. Did not open the file. I emailed the supposed reply address (not itunes even though they made it look like Itunes had sent it), and the email came back as undeliverable.

    Tried seeing if itunes had an address to forward the scam to, but I couldn’t find one. You’d think they’d want to be on this one.

  8. Scott Tenzer

    May 26th, 2010

    You have to look at the file itself, if the file is a .zip and when you double click on that file you see .exe that is a red flag, and tells you right away it’s a virus. Because exe means executable, it’s a program. Nobody would ever send you an exe file, it would be a .doc or .pdf or whatever. I also see this scam in the form of UPS telling me they lost my package. If you happen to open a file like this, go and search google for a program called maleware bytes, it’s a free program that will clear your computer of this type of trojan virus.

    • Frank Jovine

      May 26th, 2010

      Scott,

      Thanks for the share. I always appreciate people helping people!

  9. beni ellis

    May 26th, 2010

    Mine came from accordionsi37@intranet.asia, but the reply to is certificate.support@itunes.com

    $50 worth of free music would have been nice, though.

    • Frank Jovine

      May 26th, 2010

      beni,

      It would be nice, but some things free, cost more than you think.

  10. Mike @ Computer Tips

    May 26th, 2010

    This is a bit more than “bait and switch” ;-) The use of Social Engineering to trick people into clicking on things they shouldn’t continues to rise.

    Interesting that Microsoft Security Essentials did not catch this. I’m not sure how often MS Essentials updates.

    Once again proves the old saying, “If it seems too good to be real it probably is.”

    • Frank Jovine

      May 26th, 2010

      Mike,

      Amen brother! The hoax here is that people love free stuff and that’s the bait.

  11. paddy redmond

    May 26th, 2010

    They are clever but don’t offer me $50 when my store deals in £’s.

  12. jamiih

    May 26th, 2010

    What – Apple give $50 for free? DEFINITELY a hoax!!!!! I received one of these too!!!!!!

    • Frank Jovine

      May 27th, 2010

      jamiih,

      Good catch and way to be cautious!

  13. Henning Uhle IT Solutions » Blog Archiv » Vorsicht vor iTunes Geschenken

    May 27th, 2010

    [...] Techjaws: iTunes Gift Certificate Hoax Email [...]

  14. Henning Uhle

    May 27th, 2010

    Wrote a German Blog entry about this topic.

    Have a look at: http://www.henning-uhle.eu/informatik/vorsicht-vor-itunes-geschenken

    Best wishes,
    Henning Uhle

  15. Kellie

    May 27th, 2010

    Hi, I got this e-mail yesterday and I immediately became suspicious when I saw it was a $50 gift voucher (plus the e-mail adresses looked strange), if the e-mail said it was a $5 voucher I could have fallen for it as I have bought a lot of music from iTunes recently and would have thought i was being sent a loyalty card type voucher.

    I’m glad I found this page after doing my google and know now I was right to be suspicious.

    • Frank Jovine

      May 27th, 2010

      Kellie,

      I am glad you didn’t fall for this scam. Thanks for commenting and hope to see more!

  16. Scott

    May 27th, 2010

    I received a couple of these a little while ago, and the scary thing is that neither Forefront for MS Exchange on the server, or AVG on the client detected this as malware. On the client I even extracted the .exe file and manually scanned it after manually updating my virus definitions to make sure that they were current, and AVG still didn’t flag either the .zip file or the extracted .exe file as malware. That’s not good.

  17. Maria

    May 27th, 2010

    Hi! I just received this email today and was quite curious what it was. I was scared to open it so I googled “hoax email Thank you for buying iTunes Gift Certificate!” and came to this site. I have just deleted it. Thanks for the information!

    • Frank Jovine

      May 28th, 2010

      Maria,

      I am happy you found us in search before opening up that hoax email. WTG!

  18. Maan

    May 28th, 2010

    Received below mail, msbai@planet.tn isn’t my mail add, have scanned attached file with my old antivirus and no infection detected but I have deleted the message and file.

    * * * * *
    iTunes Products”
    Sujet: [SPAM] Thank you for buying iTunes Gift Certificate!
    Date: Fri, 28 May 2010 11:03:26 +0900
    A:

    Hello!

    You have received an iTunes Gift Certificate in the amount of $50.00
    You can find your certificate code in attachment below. Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

    iTunes Store.
    Attached: Gift_Certificate_151.zip (53Kbytes)
    * * * * *

    All the best / Maan

    • Frank Jovine

      May 28th, 2010

      Maan,

      Good catch and glad you deleted the email.

  19. Jess

    May 28th, 2010

    Thanks for this! I recieved this email and googled it right away.

    The attachment was:
    Gift_Certificate_251.zip

    • Frank Jovine

      May 28th, 2010

      Jess,

      I see everyone commenting did the right thing and checked further to see if this was real or not.

  20. Jamie

    May 29th, 2010

    I was suspicious because it came to an email address that I use for my business, which is not the email address I use for my apple account. This really concerns me because this email address is on our own secured server, not like a public address like msn.com or yahoo.com.

  21. mark burk

    May 31st, 2010

    I bit. I’d just ordered a bunch of stuff on itunes and, stupid me, thought I was the recipient of a random reward. I’m Mac OS. Should I be concerned? Everything I’ve read seems to indicate the trojan is as usual a windows thing.
    Should us mac folk be concerned?

    • Frank Jovine

      May 31st, 2010

      Mark,

      Mac folks will should be cautious regardless of how exposed Windows has been.

      • mark burk

        Jun 1st, 2010

        Thanks Frank,
        I’ve got no kind of malware for mac. Is there anything I should purchase to search and expunge? Or am I doomed to wait to see if my bank accounts start draining?

        • Frank Jovine

          Jun 1st, 2010

          Mark,

          Just be cautious when receiving unsolicited email.

          • mark burk

            Jun 1st, 2010

            Frank,
            just to clarify and close loop here, you don’t think there is any software available to search and expunge this for mac? Excuse the persistence.

          • Frank Jovine

            Jun 1st, 2010

            Mark,

            It’s mostly email related so no to your question and just use your eyes on this one.

  22. Jenni

    Jun 1st, 2010

    Thanks for putting this up! I got notice of this from a coworker and googled so that I could inform my friends and family. A lot of us our itunes subscribers and would have fallen for this. I’m really good about not opening suspect attachments, but I might have fallen for this thinking it was a birthday gift from an extended family member, since my birthday is coming up. Glad folks are looking out for each other!

    • Frank Jovine

      Jun 1st, 2010

      Jenni,

      I am so happy that we can identify and notify our readers. Thank you and hope you visit again!

  23. Heidi V.

    Jun 3rd, 2010

    Thank you so much for posting this! I got a similar email and kind of figured it was a scam….

    • Frank Jovine

      Jun 3rd, 2010

      Heidi,

      You are very welcome and I am glad you found the article from search.

  24. Carmen M

    Jun 9th, 2010

    Hi there,
    I received this twice and the reply to address on mine is:
    giantfkb@newreference.com
    You said it right when you say the criminals are getting smarter because we are getting smarter!