updated 03:35 pm EST, Fri February 27, 2009
New MobileMe scam
MobileMe subscribers are again being targeted in an updated phishing scam, investigation reveals. Similarly to earlier attempts, the scam beings with an e-mail, prompting people to update their credit card information in advance of an upcoming renewal date. A link is provided to log into MobileMe, but in reality it guides users to a different domain -- "http.apple-billing.me.uk" -- which spoofs the design of the Apple online store, and tricks unwitting visitors into sharing credit card data.
Making the site a more serious threat is the fact that, due to not attempting an SSL connection, it is not automatically flagged by Extended Validation filters, used in modern browsers such as Safari 4. The scam message can be identified through unusually poor writing however, and real Apple notifications supply a person's username, as well as the last four digits of the on-file credit card.
Despite the use of a seemingly British domain, probing is said to show that the registration belongs to a Nike Jegart in Lamy, New Mexico. It is uncertain if the ownership listings are accurate or false, as a skilled hacker or criminal can create misleading attributions.