toggle

AAPL Stock: 100.53 ( + 1.37 )

Printed from http://www.macnn.com

MobileMe phishing scam dupes hundreds

updated 07:55 pm EDT, Thu August 14, 2008

MobileMe phishing scam

A phishing scheme targeted at MobileMe users has duped hundreds into releasing their credit card or other personal information according to Computerworld. Dan Clements, president of identity protection company CardCops, claimed hundreds of people were scammed with mac.com in a single day. CardCops uses investigators and automated bots to find information online in places frequented by cybercriminals. A recent search uncovered a stash of records in a server used to house stolen information.

Computerworld was allowed to view the files and verified that the records found on the servers contained multiple "full profiles" including names, addresses, credit card numbers, card security numbers, birth dates, mother's maiden names, and e-mail addresses and passwords. There were approximately 300 profiles collected in one day, with 100-200 being mac.com addresses, according to Clements.

After contacting the victims CardCops were able to get a better idea of what actually happened. Clearly it was a phishing attack, but the timing was calculated to coincide with Apple's recent migration of its older .Mac service to the new MobileMe service. The timing appeared to increase the success rate for the phishers.

Earlier this week there were reports of messages that appeared to be sent by Apple to ask MobileMe users to re-enter their credit card information because of a billing problem. Many people didn't think twice about giving out their information. "Some of the users who we talked to were very sophisticated users. But they still fell for this attack," said Clements. Jovi Umawing of Trend Micro made similar observations, he said the message "looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away [it] away as a fake or scam." Links to legitimate Apple pages were even included in the mail.

Clements claimed another factor played a role: Apple users' high level of trust with the company. Another attack in May targeted iTunes users. The criminals used a similar tactic, claiming credit card problems required them to enter their information again to update their accounts.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. robttwo

    Joined: Dec 1969

    -1

    dumb asses

    Before you click -- check!!

    Doofuses.

  1. dmsimmer

    Joined: Dec 1969

    0

    Percentages

    Never say never. But I will say but...I would never respond to an email wanting my credit card or other secure info.

    Look at the URL for god's sakes!

  1. OkieDoc

    Joined: Dec 1969

    +1

    Re: "check the URL"

    You've got to have a lot of sophistication to understand that the URL that you see may actually resolve to a totally different URL, which may even have the words "apple" or "itunes" in it, eg. apple.x.com.

    I actually did a double take when I got these emails, because I, like a lot of people, have a .Mac/MobileMe renewal date usually in September, since that was when .Mac was originally created. I had also recently made an iTunes purchase, AND had an expiring credit card renewal date, so I'm glad that I triple-checked where the URL resolved to. (it was in the .ws domain, in case you're interested, and was registered to someone in Germany).

    Most of my friends, family, etc. would have fallen for it easily.

  1. chas_m

    Moderator

    Joined: Dec 1969

    -6

    Mac users are smarter

    and this PROVES IT.

    They only got 200 mac users to fall for this?? I don't know how many they sent out but I got one, I should think the number would be in the hundreds of thousands if not a million (MobileMe does have millions of users, btw).

    Compare this to the numbers of Winblows users falling for phishing scams on the other side (the only reason they continue to appear -- because enough Win users fall for it!) and I think the question of who's the more savvy group is quite clear.

  1. macnixer

    Joined: Dec 1969

    -1

    online privacy is

    a very serious business. fact is the the ease with which the whole implementation is done here in US is very detrimental to the implementation of a secure system. i have traveled to india where applying for a credit card actually requires you to go to the bank and a mandatory visit by the reps (spies) from the bank physically verifying your address and identity without your knowledge from neighbors at random (no way would you pass off easily). they even go to the extent of researching your origins and dig too much. result is delayed arrival of a credit card but faking an identity is minimal. you have to be great con master.

    then comes the stupidity of people sharing their information willingly without verifying the links. how does one prevent from providing the info. simple, when you get a mail asking for credi card or personal info, first go to the actual website directly and look for a link that is real. even if you do see a link, call the support number and ask if they really need your info over again. send a mail to the support asking for further info. 99.999% of the times you will be told that they don't need it and someone is phising. i had been approached by "reps" from my banker to provide my personal info for a survey on behalf of my bank. i wrote to my banker. guess what these guys were traced and the bank sent me a mail about being careful.

    waiting a couple of days for proper confirmation with vendors like apple or your banker would save you a lot more than the many many days and months that you would need to recover from the loss you made knowingly. frankly not being trusting and being a doubting Tom helps.

    enjoy safe surfing.

  1. Guest

    Joined: Dec 1969

    0

    LIke how this is news

    That 200, or so, people got phished is news how? How many get phished every day from other scams and are they reported? Nope! Its only news because they can put Apple in the story.

    Come on Macnn, lets get some real news!

  1. sath71

    Joined: Dec 1969

    -2

    Genuine billing prob

    The reason this scam worked, and this is entirely Apple's fault, is that there was a billing problem with Apple's servers at the time of the MobileMe transition catastrophe - I for one had a message on my genuine MobileMe account stating that there was a problem with my card when I knew there wasn't one. I contacted Apple and they said that they were aware of the problem and were working on a fix. Obiviously the scammers picked up on this issue and started their phishing scam.

  1. dynsight

    Joined: Dec 1969

    -5

    Billing Schmilling

    No company provides you a link directly to their site where you enter in sensitive information. They tell you to go to their site and login.

    I had a fairly convincing one from Google Adwords, but a quick look at the URL google.phishingsite.ru) told me it was fake.

    I think Mac users are a bit "smarter" because I think their users are a bit better educated.

    Macs are more expensive, people with education make more money, thus can afford macs. Provide any anecdotal evidence to the contrary, but better educated people have more disposable income for a computer.

    Also Macs are very popular on campuses.

    Also, a lot of seniors use windows, and I have found them to be easily gulled.

  1. sailin74

    Joined: Dec 1969

    0

    Amazed

    I'm amazed that any company would ever send a user a link to any part of their website. The companies should be training their customers to never, ever click on a link in an email. It's too bad companies don't take a more sophisticated role in fighting this.

  1. MeandmyMac

    Joined: Dec 1969

    0

    It might have been lower

    than the 200 who had fallen for it, had the introduction of MobileMe not been plagued with problems which could have lend more credibility to this phishing scam. Still, a hard lesson for those 200 to learn, but more importantly, a lesson for all of us to be reminded of - and that is, the world wide web has its share of jerks!

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Pure Jongo T2 wireless speaker

Multi-room audio compatibility is a key metric for wireless sound systems these days. The entry cost into a house-spanning system can ...

Logitech Z213 multimedia speakers

Desktop computer speakers sit in a weird area of limbo: many consumers have forgone the era of desktop listening for the privacy and v ...

toggle

Most Commented