Before you click -- check!!

Doofuses.

Never say never. But I will say but...I would never respond to an email wanting my credit card or other secure info.

Look at the URL for god's sakes!

You've got to have a lot of sophistication to understand that the URL that you see may actually resolve to a totally different URL, which may even have the words "apple" or "itunes" in it, eg. apple.x.com.

I actually did a double take when I got these emails, because I, like a lot of people, have a .Mac/MobileMe renewal date usually in September, since that was when .Mac was originally created. I had also recently made an iTunes purchase, AND had an expiring credit card renewal date, so I'm glad that I triple-checked where the URL resolved to. (it was in the .ws domain, in case you're interested, and was registered to someone in Germany).

Most of my friends, family, etc. would have fallen for it easily.

and this PROVES IT.

They only got 200 mac users to fall for this?? I don't know how many they sent out but I got one, I should think the number would be in the hundreds of thousands if not a million (MobileMe does have millions of users, btw).

Compare this to the numbers of Winblows users falling for phishing scams on the other side (the only reason they continue to appear -- because enough Win users fall for it!) and I think the question of who's the more savvy group is quite clear.

a very serious business. fact is the the ease with which the whole implementation is done here in US is very detrimental to the implementation of a secure system. i have traveled to india where applying for a credit card actually requires you to go to the bank and a mandatory visit by the reps (spies) from the bank physically verifying your address and identity without your knowledge from neighbors at random (no way would you pass off easily). they even go to the extent of researching your origins and dig too much. result is delayed arrival of a credit card but faking an identity is minimal. you have to be great con master.

then comes the stupidity of people sharing their information willingly without verifying the links. how does one prevent from providing the info. simple, when you get a mail asking for credi card or personal info, first go to the actual website directly and look for a link that is real. even if you do see a link, call the support number and ask if they really need your info over again. send a mail to the support asking for further info. 99.999% of the times you will be told that they don't need it and someone is phising. i had been approached by "reps" from my banker to provide my personal info for a survey on behalf of my bank. i wrote to my banker. guess what these guys were traced and the bank sent me a mail about being careful.

waiting a couple of days for proper confirmation with vendors like apple or your banker would save you a lot more than the many many days and months that you would need to recover from the loss you made knowingly. frankly not being trusting and being a doubting Tom helps.

enjoy safe surfing.

That 200, or so, people got phished is news how? How many get phished every day from other scams and are they reported? Nope! Its only news because they can put Apple in the story.

Come on Macnn, lets get some real news!

The reason this scam worked, and this is entirely Apple's fault, is that there was a billing problem with Apple's servers at the time of the MobileMe transition catastrophe - I for one had a message on my genuine MobileMe account stating that there was a problem with my card when I knew there wasn't one. I contacted Apple and they said that they were aware of the problem and were working on a fix. Obiviously the scammers picked up on this issue and started their phishing scam.

No company provides you a link directly to their site where you enter in sensitive information. They tell you to go to their site and login.

I had a fairly convincing one from Google Adwords, but a quick look at the URL google.phishingsite.ru) told me it was fake.

I think Mac users are a bit "smarter" because I think their users are a bit better educated.

Macs are more expensive, people with education make more money, thus can afford macs. Provide any anecdotal evidence to the contrary, but better educated people have more disposable income for a computer.

Also Macs are very popular on campuses.

Also, a lot of seniors use windows, and I have found them to be easily gulled.

I'm amazed that any company would ever send a user a link to any part of their website. The companies should be training their customers to never, ever click on a link in an email. It's too bad companies don't take a more sophisticated role in fighting this.

than the 200 who had fallen for it, had the introduction of MobileMe not been plagued with problems which could have lend more credibility to this phishing scam. Still, a hard lesson for those 200 to learn, but more importantly, a lesson for all of us to be reminded of - and that is, the world wide web has its share of jerks!