MobileMe Again Hit by Phishing Scam
MobileMe, online services collection based on subscription offered by Apple, has again come under attack by cyber crooks. In early February 2009, the service had already been the target of a phishing scam.
The current phishing method used by cyber criminals is quite similar to the earlier scam. The fraudster has dispatched spam mails that pretend as Apple messages in a bid to trick MobileMe users into giving away their credit card number.
The fake e-mail diverts users to a fraudulent site that appears to be of Apple's. Users unwittingly click on the link provided in the e-mail and feed in personal details on a phony Apple webpage.
Although the e-mail sender's address is spoofed as firstname.lastname@example.org, the captions of the spam mail suggest that it seems to emanate from gamma.oxyhosts.com, a web-server operated by the UK-based company.
Furthermore, it has been found that the fraudulent e-mail includes errors in formatting that should signal users of the deception, and it diverts users to a URL namely http.apple-billing.me.uk.
Security specialists further said that considerable factors differentiating a genuine Apple e-mail and the bogus spam could be effortlessly located. Normally, Apple's official e-mail puts down the username of the account, the last numbers of their payment card number, as well as guides the recipient to access MobileMe himself, instead of providing a web link and asking to follow it.
Moreover, according to the security specialists, Apple e-mail would normally ask users to start a MobileMe Internet session with an SSL security prior to entering their payment card details. But the website indicated via the current e-mail bears no SSL security.
Explaining the reason for the repeated attacks on MobileMe, the security specialists said that theft of credit card details is significant business; therefore, it isn't surprising to find such a large number of phishing attacks against MobileMe, a niche service.
The specialists also said that to stay safe from divulging one's credit card details to phony Apple site, a user should visit the payment site himself. This also implies that people must avoid e-mails having links that claim to be from Apple.
Related article: MobileMe Phishing E-mails Hitting Apple Users
» SPAMfighter News - 04-03-2009