An
Email with the Subject "Your Apple ID was used to sign in to iCloud via a web browser." was
received in one of Scamdex's honeypot email accounts on Sun, 18 Oct 2015 21:53:22 -0700
and has been classified as a Lotto/Lottery Scam Email.
The sender shows as lTunes <apple@sendgrid.net>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => submissions@scamdex.com
[delivery-date:] => Sun, 18 Oct 2015 21:53:22 -0700
[received:] => Array
(
[0] => from mail176.wdc04.mandrillapp.com ([205.201.131.176]:58962)by bigcat.newsblaze.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)(Exim 4.86)(envelope-from )id 1Zo2Rm-0002jJ-ONfor submissions@scamdex.com; Sun, 18 Oct 2015 21:53:22 -0700
[1] => from pmta05.wdc01.mailchimp.com (127.0.0.1) by mail176.wdc04.mandrillapp.com id h4hrk01jvjg5 for ; Mon, 19 Oct 2015 04:53:19 +0000 (envelope-from )
[2] => from [85.105.156.243] by mandrillapp.com id 990488e79e0a42bf88de50420f7d3cf2; Mon, 19 Oct 2015 04:53:19 +0000
)
[dkim-signature:] => Array
(
[0] => v=1; a=rsa-sha1; c=relaxed/relaxed; s=mandrill; d=dietbet.com;h=From:Sender:Subject:Reply-To:To:Message-Id:Date:MIME-Version:Content-Type:Content-Transfer-Encoding; i=apple@dietbet.com;bh=AKVqmM/Ile7RKS3PF+MABJHye+M=;b=C7apD0iBOxsAYRA45ICuMANP/D4hDqMdKBUAuLc/2aIbNfx0uKHH65qQKtd0ghK8u0xbmkNeyJ7N crvoUkmKNKzBeQbETZIgkEOjglcnjYf7vN4SdMII685WkK7cU1rbTZph0uW2Hen5Ltej6hlK98pP Qnurr+WyHEUbRfF4DnQ=
[1] => v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1445230399; h=From : Sender : Subject : Reply-To : To : Message-Id : Date : MIME-Version : Content-Type : Content-Transfer-Encoding : From : Subject : Date : X-Mandrill-User : List-Unsubscribe; bh=CMk9fLtGrdZRhr4BZc7qYGYayE0vRBxYgEzGznRZLOQ=; b=PgqBjzLnUng12NhSmFTj+3vtE3Q+RXI9UMZzstN9M/pxUdcUP2F8V61fTzTjQJ9/gNlZole8R9VgbSvI5yVFgyIZ820+A0fMoOfRzlFXr4phq7hRgWLC5Fz219yUc5e0WOOHZHhzrh5hwlFtuBXg6yXV/i3TRNxaJwIGuhBsZBI=
)
[domainkey-signature:] => a=rsa-sha1; c=nofws; q=dns; s=mandrill; d=dietbet.com;b=PRB+EVc1FgNW6IKu39lx32EXK2oexhufCU1Bn8jXECaiG1+qe/IpPPVELkq1tiF2DpZ6IF7/OOZm 7VU8+Z0zcd5NPUDJ94eacnO3TxkIKWoo+Amb7kj3IFodIUBJK9lndzc7065bkLkMBVluzN+lvOyC CMeIuK5wPYmsGcmobFM=;
[from:] => lTunes
[sender:] => lTunes
[subject:] => Your Apple ID was used to sign in to iCloud via a web browser.
[reply-to:] =>
[to:] =>
[message-id:] => <32643883569202236018579@DESKTOP-DE9K691>
[x-report-abuse:] => Array
(
[0] => Please forward a copy of this message, including all headers, to abuse@mandrill.com
[1] => You can also report abuse here: http://mandrillapp.com/contact/abuse?id=9079581.990488e79e0a42bf88de50420f7d3cf2
)
[x-mandrill-user:] => md_9079581
[date:] => Mon, 19 Oct 2015 04:53:19 +0000
[mime-version:] => 1.0
[content-type:] => text/html; charset=utf-8
[content-transfer-encoding:] => quoted-printable
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Your Apple ID (submissions@scamdex.com) was used to sign in to iCloud via a web browser.
Date and Time: October 19, 2015
Browser: Google Chrome
Operating System: Windows 10
Address IP: 197.163.1.10
If the information above looks familiar, you can disregard this email.
If you have not signed in to iCloud recently and believe someone may have accessed your account, go to My Apple ID and change your password as soon as possible. Click Here
Your Apple ID (submissions@scamdex.com) was used to sign in to iCloud via a web browser.
Date and Time: October 19, 2015
Browser: Google Chrome
Operating System: Windows 10
Address IP: 197.163.1.10
If the information above looks familiar, you can disregard this email.
If you have not signed in to iCloud recently and believe someone may have accessed your account, go to My Apple ID and change your password as soon as possible. Click Here
Apple Support
My AppIe lD | Support | Privacy Policy Copyright  2015 AppIe Canada lnc., 120 Bremner Blvd., suite 1600, Toronto ON M5J 0A8, Canada. All rights reserved.