Apple Phishing Scam Targeting MobileMe Subscribers
According to Macworld, a Website and monthly computer magazine providing information on Apple Macintosh products, an e-mail pretending to have come from Apple and highlighting a billing problem is actually a phishing scam targeting Apple's online service users.
A reader forwarded the e-mail to Macworld in connection of MobileMe, a subscription service provided by the company to users for Web hosting and personal e-mail address. The e-mail appears authentic as it contains images from Apple's site and links to a number of Apple pages. The phishing takes place at the bottom of the e-mail where the user is informed that payment did not process.
The phishing e-mail informs the user that they could not process the recent payment possibly due to change in bank, phone number or credit card by him. Thereafter, the user is asked to provide the information by clicking on a link that opens a Web page in browser. The page is not affiliated with MobileMe or Apple.
After tracing the link, it was found that the Web page is registered to a private G-mail account located in Bacau, Romania. However, it is not yet confirmed whether the same person sent the e-mail.
Furthermore, the current phishing attack is cleverly crafted, as the billing premise is trustable considering the recent troubles faced by MobileMe. MobileMe has recently had legitimate billing troubles, making the e-mail more authentic. Fortunately, the URL of the phishing site does not resemble Apple URL; therefore, anyone who reaches the fake site will check the difference before keying in any information.
Moreover, the company said that users should not believe e-mails asking for personal information. It also advised users that they should directly visit the Website instead of following a link to check the problem. Users also check the domain name carefully as spammers used App le.com in place of Apple.com with a hope that users will not notice it. The company officials have also suggested consumers worried about recent Domain Name System (DNS) attacks to directly use IP address or use HTTPS/SSL.
Related article: Apple Patches QuickTime 13 Month Old Flaw
» SPAMfighter News - 26-08-2008