Phishing E-Mails Hitting iTunes Consumers’ Inboxes

According to researchers from GFI Software (earlier called Sunbelt) the security company, fraudulent e-mails purporting to be from iTunes are being circulated online to fool unsuspecting users.

Here it's worth mentioning that iTunes is media player software from Apple.

The fake electronic mails, while addressing customers of iTunes, tell them that someone has probably stolen their account passwords, as during the past 24 hours, their accounts have been logged into with the help of four separate Internet Protocol addresses. Thus recipients must open a given web-link to find out the things they should do as also the way for contacting customer care, the e-mails add.

But, if the web-link is clicked, users are led onto a page that merely resembles a support article from Apple titled "How to report an issue with your iTunes Store purchase."

And while the web-page as such may appear harmless, it, in reality, installs scripts, which attempt at exploiting security flaws within obsolete Flash Player versions, un-patched Windows loadings, and Java for pulling down and loading malicious software.

These types of assaults are commonly given the name 'drive-by downloads,' while the victims remain totally unaware of the exploitations.

Meanwhile, GFI researchers uncovered one more interesting thing in the phishing e-mails that makes the messages appear authentic and credible. For, the e-mails state that iTunes won't ever request customers for any of their private information like password. So, in case their iTunes accounts become inactive it'll mean that the users probably have been victimized with credit card swindle. In such a situation they must contact iTunes' customer care by doing what are directed in the embedded web-link towards resolving the problem, the messages conclude.

However, security researchers observe that users can best eschew phishing scams similar to the aforementioned by not following web-links provided in e-mails. Instead they should manually access the websites by typing the URLs inside their browsers. Besides, they must erase all doubtful e-mails instantly.

Meanwhile, phishing scams attacking iTunes users are not new. During September 2010, cyber-criminals executed a potential spoofed e-mail scam, which apparently filched money out of the PayPal accounts of iTunes users.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 1/1/2011