Apple users have been the victims of two elaborate phishing scams within the last few months. With a new post on the Mobile Me Blog, Apple has addressed some of these issues directly.

The first phishing scam, in early July, centered on the Online Apple Store and updating your personal account information. Many readers sent us tips on July 5th about a very “authentic-looking” email asking them to update their credit card information at the Online Apple Store, specifically for their .Mac (dot-mac) accounts. This information, of course, was not being collected by Apple, but by malicious hackers.
The second phishing scam centered on Mobile Me. The timing for this one couldn’t have been worse for Apple users. With all the confusion surrounding Mobile Me’s launch, users were receiving an email asking them to update their credit card information. It was reported that this scam caught thousands off guard, with just as many users submitting their personal information to the fake Apple site.
Until this recent update on Apple’s Mobile Me Blog, the company had stayed rather quiet about the whole issue.
The full update from Apple’s Mobile Me Blog is below:
Being Phishing Aware
Phishing — the name for fraudulent attempts to obtain credit card numbers, passwords, social security numbers and other sensitive information — isn’t an issue exclusive to MobileMe. Still, it’s as relevant to MobileMe subscribers as anyone else, and warnings about it bear repeating from time to time.
There are thieves in the world who work hard at creating emails that appear to come from legitimate companies, frequently even including links that go to real pages on those companies’ web sites. But at least one of the links will lead to a site that looks like it belongs to the company but is in fact a fake which asks readers to enter personal information such as their address, phone number, credit card number, or other information the thieves can use to steal from the unwary.
You will never receive a message from MobileMe asking you to send personal information over email. If we are ever unable to charge your credit card, for instance, we will send you a reminder email, but will not directly link to any web pages. The safest way to respond and update any necessary information is to type www.me.com into your browser and log in to your account directly. That way you can be confident you are at me.com and your personal information is secure.
For more detailed information about phishing emails, including how to use MobileMe webmail to see the real address hiding under a link, take a look at this support document. And for more information about phishing in general, try this Wikipedia entry. Finally, if you do receive an email that arouses your suspicions, select all the text in the message and use the Forward as Attachment command in the Message menu in Mac OS X Mail or the Action menu in Outlook to send it to reportphishing@apple.com. This will provide us with information that can be useful to our legal department and outside law enforcement, and we’ll be grateful for your help. Like crime in general, phishing can’t be totally stamped out, but it can be fought.
As always, we’d like to remind everyone to be extra careful when browsing the web. Always double-check the web address and security before typing your credit card information into any website.
[Attribution: TheiPhoneBlog]
One Comment to “Apple: Mobile Me Phishing Scam? Let’s Blog About It”
I googled clip art and clicked on one that offered free downloading of clip art for two weeks. I was not successful in downloading clip art. I was not notified when the two week offer expired. Then a $99 charge showed up on my credit card. I did not subscribe. I think I was the victim of phishing.