Phishers Use iCloud as Bait within Fresh E-Mail Scam; Sophos
According to Sophos the security company, "iCloud" the soon-to-be-launched cloud service of Apple that'll let end-users synchronize as well as save personal e-mails, media files, bookmarks, calendars, contacts, to-do check-lists, notes along with data across gadgets, has been found as bait within one fresh phishing assault.
Displaying the caption, "Welcome to iCLOUD," the phishing electronic mails spoof the sender's address to seem as though they originated from a @iCLOUD.com id. Moreover, addressing present MobileMe users, the e-mails request the recipients to register for iCloud by hitting on "submit" so that they can maintain their previous e-mail id while shift their mail, bookmarks, calendars, and contacts to iCloud.
The e-mails further inform that there'll be automatic continuation of the user's subscription through July 31, 2012, free-of-cost. But beyond that period, the user won't have the MobileMe service anymore. Finally, the e-mails direct the recipients to click on "The Apple store Team" link for upgrading to iCLOUD.
A widely-circulated news that iCloud will in fact substitute MobileMe as also will no longer be available from June 30, 2012 not July 31, 2012 may lend an authenticity to the current assault.
Thus, if anyone clicks on the link, he'll get diverted onto a website, which deceptively resembles Apple's actual website while requests the user for providing personal credentials like his mother's name (before marriage) and his Apple ID details. The personal information asked is essentially all that which will allow even highly unskilled cyber-crooks to gain admission into victims' identity and money un-hurdled.
Sophos outlines that the current phishing e-mail can initially look genuine, however careful perusal will indicate certain tell-tale signs about the said kind of scam e-mails. First, the word iCloud is written in caps as iCLOUD. Second, the sender's address is no-reply@iCLOUD.com rather than a lawful Apple.com. Third, the signatory is "Apple store team" that's different from the MobileMe and iCloud teams responsible for creating iCloud.
Finally, the message seems to deliberately confuse by first directing that the e-mail recipient should subscribe to iCloud, nevertheless subsequently indicates that with the subscription he can have his account with MobileMe running for an additional 12-months.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 08-09-2011