Friday, August 31, 2012

New Phishing Scams Target Apple Users

Threads have popped up over on the Apple Support forums detailing new phishing scams aimed directly at Apple owners and iTunes users. In a multitude of individual threads forum members have posted information about at least three attempts to scam them out of their Apple ID or get them to visit malware infected links or site.

 In one post a user shows a fake receipt for iTunes charges which offers several links including a download link. The link then leads off to a malicious site. In other postings users posts fake emails claiming the "users account has been temporarily blocked." A third posting shows a rather realistic looking Apple Care email as well as a few follow-up emails offering information about OSX 10.8 Mountain Lion or claiming that iTunes will be shut down.

MacMall, Everyday Low Prices on All Your Favorite Apple Products
In this case it is fairly easy to spot the scam as the email comes from a Gmail account or asks the user to reply to the Gmail account. However, should the recipient click one of the links contained in the email they are likely sent to a fake landing page which would ask for your Apple ID and password.

In the cases pertaining to emails telling the users their accounts had been blocked the e-mails provided a “Confirm Your Identity” button or link, which, of course, leads you to a phishing site. The malicious site will either ask you for your Apple ID or attempt to load malware on your machine. Most companies, including Apple, will not send you "account blocked" emails and if they do you should check the email closely for discrepancies. I always prefer to visit the sites directly to verify that I need to re-instate my account. In this case an Apple user can simply head over to Apple’s My Apple ID site, where you can login, reset your password, and check that your credentials are safe and sound.

Phishing is not something new to the online community and certainly not something new to Apple. But phishing attacks have become big business and scammers are becoming increasingly more sophisticated. If you receive an email from Apple or iTunes (or any other site for that matter) you should be very wary of the links provided. Legitimate emails from legitimate companies will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.

For more help determining the validity of those Apple emails checkout Apple's support page "Identifying legitimate emails from the iTunes Store."

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you