Warning: App Store users receiving email spam pretending to be from Apple

By , Apr 15, 2012

The App Store has seen its fair share of drama since its creation, and while Apple never publicly acknowledged any of it, there have been ample amounts of evidence showing that iTunes accounts have previously been hacked to steal money from store credit, or to buy applications without the account’s owner’s consent. Last year, some hackers went as far as selling iTunes accounts login information on ToaBoa.com, a Chinese site similar to eBay.

Today we received tips from two independent sources claiming they had received a suspicious email from Apple, urging them to download an application from the App Store. The email happens to be a fake, but the application is real…

The email looks like it is coming directly from Apple. Of the two emails we saw, both had different senders (Rebecca Schumacher and Angelo Seals) but they both conveniently showed no_reply@apple.com.

The application in question is The Tribez HD, a free app with about 22,000 reviews, mostly positive. So is the developer of this application to blame for the email spam?

Strangely, the link to the app download sent in the email doesn’t directly take you to the app in the App Store. Instead, it goes to http://hastrk2.com/pub_c?adgroup_id=3513, then redirects to a subdomain of mobileapptracking.com, which finally redirects you to the app in the App Store.

After doing a quick research, I found out that the hastrk2.com domain belongs to a company called Adapp Solutions, which happens to run another business called mobileapptracking.com.

Adapp Solutions describes its offering as:

Even as the online advertising industry continues to grow, too many participants are forced to use software that doesn’t match up to the quality of their business. Adapp – made up of a core team of highly successful former affiliate marketers – was founded on the simple idea that giving ad network managers and affiliates themselves complete control over every aspect of their application was the best approach.

If you are interested in our product you can find it at www.hasoffers.com

So I visited HasOffers.com, the site that Adapp Solutions presents as its store front. From what I understand, HasOffers is an affiliate tracking software that allows businesses to track and manage their own affiliate programs. A quick look on their other website mobileapptracking.com tells me that “Mobile App Tracking provides a simple, yet effective means of tracking mobile app installs back to marketing and advertising sources”.

At this point, I stopped digging more and tried to figure out who’s to blame in this spamming campaign. Is it the app developer of The Tribez HD, or is it Adapp Solutions which already has a shady past?

I see 2 possible scenarios:

1. The developer of The Tribez HD are the spammers and they are simply using Adapp Solutions as a tracking tool, or

2. Adapp Solutions has been commissioned by the developers of The Tribez HD to get more people to download the application.

In both cases, the main question that comes to mind is how did they get these email addresses from App Store users? Are these email addresses part of the accounts that were hacked into and sold on ToaBoa.com?

I have contacted both the developer and Adapp Solutions people to find out more and I will make sure to update this post with updated information as it becomes available. I also alerted Apple about the suspicious emails.

In the meantime, I doubt there is any risk in downloading The Tribez HD app, but you might still act with caution if you receive such an email.

Update from Adapp Solutions:

Ya. The application developer Game Insight uses our technology. We’re a third party software provider that provides advertising analytics so not sure why we’re the focus on your article.

You should be reaching out to Game Insight directly.

Update 2: I received an official statement from Game Insight. As you might notice, they didn’t even bother coming up with their own words and just copy/pasted part of my post.

Game Insight APOLOGIES FOR MARKETING SNAFU

THE TRIBEZ hit by marketing traffic scam

MOSCOW/SAN FRANCISCO –APRIL 16, 2012 – Game Insight’s The Tribez was hit by a traffic marketing scam earlier today sending users a false email with an Apple email address. The email looks like it is coming directly from Apple. Of the two emails we saw, both had different senders (Rebecca Schumacher and Angelo Seals) but they both conveniently showed no_reply@apple.com.

Game Insight would like to apologize for this situation and have found the affiliate responsible for this scam. The partner is located in Armenia and we have cut all ties to this company. We pride ourselves in our games and believe in no such false advertising. We again, would like to apologize for these emails and are working hard to make sure this never happens again.

About Game Insight

Founded in 2009, Game Insight is one of the leading social and mobile gaming studios in Russia, with strong representation globally. Game Insight’s portfolio includes games on Android, iOS, social, Web, and HTML 5. The studio is committed to creating free-to-play games on these platforms of the utmost quality. Find more information on Game Insight at the official Web site: http://www.game-insight.com/

[Thanks Jurvis and Carlos for the tip]

  • Share:
  • Follow:
  • http://twitter.com/ReagentX ☣ X ʇuǝƃɐǝᴚ ᴚ³ʞ☪@# ☣

    So they’re recording traffic. Who cares? The emails they send to Re probably from databases that already exist, not compromised accounts. I don’t see the problem, other than the obvious of getting people to download the app.

    • http://www.idownloadblog.com Sebastien

      They pretend to be Apple and that’s not a problem for you? This is the very definition of spam!

      • http://twitter.com/xdracco Juan

        sounds more like phishing to me.

      • http://twitter.com/ReagentX ☣ X ʇuǝƃɐǝᴚ ᴚ³ʞ☪@# ☣

        They’re not making it look like it was from Apple. Read the email screenshot. It’s a reccomendation. Anyone can send those.

  • Greg R

    Wow I got that email from diff name

  • http://twitter.com/pranavshankar93 Pranav Shankar

    @sebastian page
    Lol you have great potential
    Scotland yard could use someone like you
    Lol JK…..nice work!.:)

  • Anonymous

    I got the email too. Same name, Angelo Seals with an address of do_not_reply@apple.com.

  • http://www.facebook.com/profile.php?id=100002362765241 Mario Cabrera

    still waiting to get the email !!!!

  • http://flavors.me/mile MILE

    A company that starts an official reply to a journalist with “Ya.” makes a really professional impression…

  • Aleksander Azizi

    it’s very easy to make your email look like it is sendt from Apple or any other email adress. joust check out Quickoffice, there you can choose what email to display on the other end. really simple..

  • Anonymous

    Ok give me ur e-mail :)