PDA

View Full Version : Message Scam?



Zappo
01-21-2016, 02:30 PM
Today I received a message on my iPhone 6 claiming that I'd missed a message from Apple and to: CLICK HERE: removed.

Needless to say I'm deeply suspicious and have no intention of clicking on the link. My research via DuckDuckGo so far tells me absolutely nothing. However, the search box shows the address http://94.242.210.199/iphone6/p/au/1/index.php?city={city}&model={model}&brand={brand}&browser={browser}&device={device}&browserversion={browserversion}&os={os}&osversion={osversion}&useragent={useragent}&ip={ip}&referrerdomain={referrerdomain}&trackingdomain={trackingdomain}&language={language}&connectiontype={connection.type}&carrier={carrier}&isp={sip}.

Further, the message states that to unsubscribe I should click on the following link (yeah, right!): http://unsubscribe.mobi. This brings a server not responding message.

Forwarded to you in case it's a known scam.

lclev
01-21-2016, 04:09 PM
I would go with it being a scam. The IP address shows it originated in Steinsel, Luxembourg. So it is not from Apple Also mobi is a company that offers mobile apps plus other things but I question if this has anything to do with them.

Lisa

chas_m
01-21-2016, 05:28 PM
Apple doesn't text people, of course its a scam.

The "mobi" in the message isn't from a company named mobi, it's the web extension of the mobile version of a site.

Cr00zng
01-21-2016, 06:25 PM
Actually, the "mobi" extension is a Top Level Domain or TLD. Go Daddy is the registrar for unsubscribe.mobi domain, the registrant is private via Domains by Proxy.

There are no MX records or email server addresses for this domain, which is not normal. ICANN require admin, registrant and tech support email addresses; all three of them are the same, unsubscribe.mobi_at_domainsbyproxy.com.

Lisa is right, this is spam that would redirect to the unsubscribe.mobi domain, where the malware is awaiting for download. Sort of odd since hacker prefer to host their malware at legitimate websites....