Apple MobileMe Users Are Attacked By Phishing Scam
A new phishing attack circulating via email messages and target Apple MobileMe users. These messages claim that there is a problem with the user’s billing information and instruct the user to follow a web link to update personal information. Clicking on this link directs the user to a web page that contains a seemingly legitimate web form requesting personal and financial information. Any information entered in this form is not sent to Apple but rather, to a malicious attacker.
Hundreds of Mac users have already been deceived by this phishing scam according to data obtained by CardCops, a credit card protection service owned by the Affinion Group. Sensitive information belonging to several hundred people with Mac.com email addresses being traded in underground forums frequented by identity thieves. The details include social security numbers, birth dates, mothers’ maiden names, credit card numbers and other sensitive information. This event coincided with the glitches in the roll-out Apple’s MobileMe service.
The information was phished using emails that began circulating around the same time Apple began its ill-fated transition from Mac.com to Me.com. The scams bore subjects such as “Billing problem.” The phishing email purporting to come from Apple looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away an email as a fake or scam. Below is a screenshot of the said email:
A number of links in the email body directs the victim to legitimate Apple pages, and only one link (the clicking here link) is directed to the phishing site. Once users click on the link, they are directed to http://www.******tevideos.net/store.apple.com/us, a site that is not associated with Apple. It displays a Web page fashioned to look like one from the Apple Web site, and asks the user to update their billing information.
Users following the link while using Apple’s Safari browser are taken to an authentic-looking page purporting to belong to Apple. It asked users to reinstate their accounts by entering all kinds of personal details. Internet Explorer warned that the page was a scam, but Safari and Firefox did not.
Users, especially Apple service users, are implored to be wary about clicking on links from emails that appear to be legitimate.
More on CyberInsecure:
May 16th, 2012 at 11:03 pm
Well, I’m an idiot. I am usually prttey good about sniffing these out, but as I was cleaning my e-mail I saw this (I’m very tired too). I clicked the link and only took me to a We’re sorry but this page is not available but the whole thing looked weird to me. I’m running Symantec Endpoint Protection at the moment and nothing has come up. From what I read there was an associated zip file or some other executable. What should I look for?