
 

iTunes Gift Card Hoax

I received an email from iTunes late last night claiming that I have received an iTunes Gift Certificate worth $50.00. The email instructed me to open an attached file to access a certificate code. Do not open this attachment!

I opened the attachment on my test machine to see what it was. My security tools identified the Trojan immediately.

The email is a hoax and it doesn’t contain any iTunes Gift Certificate. The criminals behind the email are trying to fool recipients into opening the attached file. Those who open the attachment will install a malicious Trojan that can give hackers access to their computers.

Example email:

Subject: Thank you for buying iTunes Gift Certificate!

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

If you open the attachment you will not find a certificate code. Unfortunately, many users will take the bait and open it. Anyone who opens the attachment will inadvertently launch a malicious application that can install a Trojan. Once installed, this Trojan can modify the Windows registry, potentially give hackers access to the infected computer by connecting to a remote server, and download and install even more malware components.

E-mail messages that are related to this threat may contain the following files:

iTunes_certificate_197.zip
iTunes_certificate_147.exe

This tactic is often used to lure victims into believing they have won something or are receiving a free gift. Internet criminals use logos and other content from the legitimate site in the hope that their victims will fall for the bait.
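The structural signs of this email (an executable packed inside a zip attachment, and the mismatched sender and reply-to domains that commenters below report) can be checked without relying on antivirus signatures. The following Python sketch is an added example, not code from the original article; the sample message is constructed, its addresses use the reserved `.example` domain, and the attachment holds placeholder bytes under the file names listed above.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows runs directly on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def inspect_message(raw_bytes):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
        elif name.lower().endswith(".zip"):
            try:  # list member names only; nothing is extracted or executed
                members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
            except zipfile.BadZipFile:
                findings.append(f"unreadable archive: {name}")
                continue
            for member in members:
                if member.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"executable inside {name}: {member}")
    return findings

def build_sample():
    """Constructed message: placeholder bytes under the file names the article lists."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("iTunes_certificate_147.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "iTunes Store <account@itunes.example>"       # constructed address
    msg["Reply-To"] = "someone@unrelated.example"               # constructed address
    msg.set_content("You can find your certificate code in attachment below.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="iTunes_certificate_197.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(inspect_message(build_sample())))
```

A mail gateway rule built on the same two checks would quarantine this message regardless of whether the payload is already known to scanners.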

 

About the author: Frank Jovine

 

The idea for Tech Jaws and most of the look of the site came from Frank’s mind – a place you wouldn’t want to vacation. Frank takes his run of the waters up North, and has been building successful web sites for years. He’s a regular within social communities like Facebook, Twitter, StumbleUpon, Reddit and Digg. His favorite tech-savvy web sites include TechCrunch and ZDNet, and he enjoys helping members in the Computer category of Yahoo Answers.

 


45 Comments

  1. Hackers are now taking advantage of people’s weakness for free things.

  2. Just received two of these!
    I hate these people!
    Can I send it to a spoof@ email address?

  3. I got this one today but it contained the following file;
    Gift_Certificate_131.zip

    Some people are going to get caught out by this one I think, not because they are stupid but because people see FREE and $50 and think WOW!

    Reply address gives it away though, mine was reply to enticings7@AtlanticDevelopmentGroup.com and was sent from account@itunes.com

  4. I just got the same email, the criminals are good, when you click on reply it shows the email address as iTunes On
    online.shop@itunes.com

  5. I just received that email and it just didn’t ring true, so I googled it and sure enough….and yes a lot of folks will get fooled.

  6. I just received one and thought it looked suspicious so scanned it – but Microsoft Security Essentials said it was OK! Just as well I Googled it ….

  7. I just got one of these emails too. Did not open the file. I emailed the supposed reply address (not itunes even though they made it look like Itunes had sent it), and the email came back as undeliverable.

    Tried seeing if itunes had an address to forward the scam to, but I couldn’t find one. You’d think they’d want to be on this one.

  8. You have to look at the file itself, if the file is a .zip and when you double click on that file you see .exe that is a red flag, and tells you right away it’s a virus. Because exe means executable, it’s a program. Nobody would ever send you an exe file, it would be a .doc or .pdf or whatever. I also see this scam in the form of UPS telling me they lost my package. If you happen to open a file like this, go and search Google for a program called Malwarebytes, it’s a free program that will clear your computer of this type of trojan virus.

  9. Mine came from accordionsi37@intranet.asia, but the reply to is certificate.support@itunes.com

    $50 worth of free music would have been nice, though.

  10. This is a bit more than “bait and switch” ;-) The use of Social Engineering to trick people into clicking on things they shouldn’t continues to rise.

    Interesting that Microsoft Security Essentials did not catch this. I’m not sure how often MS Essentials updates.

    Once again proves the old saying, “If it seems too good to be real it probably is.”

  11. They are clever but don’t offer me $50 when my store deals in £’s.

  12. What – Apple give $50 for free? DEFINITELY a hoax!!!!! I received one of these too!!!!!!

  13. Pingback: Henning Uhle IT Solutions » Blog Archiv » Vorsicht vor iTunes Geschenken

  14. Wrote a German Blog entry about this topic.

    Have a look at: http://www.henning-uhle.eu/informatik/vorsicht-vor-itunes-geschenken

    Best wishes,
    Henning Uhle

  15. Hi, I got this e-mail yesterday and I immediately became suspicious when I saw it was a $50 gift voucher (plus the e-mail addresses looked strange), if the e-mail said it was a $5 voucher I could have fallen for it as I have bought a lot of music from iTunes recently and would have thought I was being sent a loyalty card type voucher.

    I’m glad I found this page after doing my google and know now I was right to be suspicious.

  16. I received a couple of these a little while ago, and the scary thing is that neither Forefront for MS Exchange on the server, nor AVG on the client detected this as malware. On the client I even extracted the .exe file and manually scanned it after manually updating my virus definitions to make sure that they were current, and AVG still didn’t flag either the .zip file or the extracted .exe file as malware. That’s not good.

  17. Hi! I just received this email today and was quite curious what it was. I was scared to open it so I googled “hoax email Thank you for buying iTunes Gift Certificate!” and came to this site. I have just deleted it. Thanks for the information!

  18. Received below mail, msbai@planet.tn isn’t my mail add, have scanned attached file with my old antivirus and no infection detected but I have deleted the message and file.

    * * * * *
    iTunes Products”
    Sujet: [SPAM] Thank you for buying iTunes Gift Certificate!
    Date: Fri, 28 May 2010 11:03:26 +0900
    A:

    Hello!

    You have received an iTunes Gift Certificate in the amount of $50.00
    You can find your certificate code in attachment below. Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

    iTunes Store.
    Attached: Gift_Certificate_151.zip (53Kbytes)
    * * * * *

    All the best / Maan

  19. Thanks for this! I received this email and googled it right away.

    The attachment was:
    Gift_Certificate_251.zip

  20. I was suspicious because it came to an email address that I use for my business, which is not the email address I use for my apple account. This really concerns me because this email address is on our own secured server, not like a public address like msn.com or yahoo.com.

  21. I bit. I’d just ordered a bunch of stuff on itunes and, stupid me, thought I was the recipient of a random reward. I’m Mac OS. Should I be concerned? Everything I’ve read seems to indicate the trojan is as usual a windows thing.
    Should us mac folk be concerned?

  22. Thanks for putting this up! I got notice of this from a coworker and googled so that I could inform my friends and family. A lot of us are iTunes subscribers and would have fallen for this. I’m really good about not opening suspect attachments, but I might have fallen for this thinking it was a birthday gift from an extended family member, since my birthday is coming up. Glad folks are looking out for each other!

  23. Thank you so much for posting this! I got a similar email and kind of figured it was a scam….

  24. Hi there,
    I received this twice and the reply to address on mine is:
    giantfkb@newreference.com
    You said it right when you say the criminals are getting smarter because we are getting smarter!