toggle

AAPL Stock: 132.05 ( + 2.43 )

Printed from http://www.macnn.com

MobileMe users targeted in spreading phishing scam

updated 03:35 pm EST, Fri February 27, 2009

New MobileMe scam

MobileMe subscribers are again being targeted in an updated phishing scam, investigation reveals. Similarly to earlier attempts, the scam beings with an e-mail, prompting people to update their credit card information in advance of an upcoming renewal date. A link is provided to log into MobileMe, but in reality it guides users to a different domain -- "http.apple-billing.me.uk" -- which spoofs the design of the Apple online store, and tricks unwitting visitors into sharing credit card data.

Making the site a more serious threat is the fact that, due to not attempting an SSL connection, it is not automatically flagged by Extended Validation filters, used in modern browsers such as Safari 4. The scam message can be identified through unusually poor writing however, and real Apple notifications supply a person's username, as well as the last four digits of the on-file credit card.

Despite the use of a seemingly British domain, probing is said to show that the registration belongs to a Nike Jegart in Lamy, New Mexico. It is uncertain if the ownership listings are accurate or false, as a skilled hacker or criminal can create misleading attributions.






by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. afaby

    Joined: Dec 1969

    +4

    The domain...

    was most likely also purchased with a stolen credit card number, so I doubt that person is the real owner.

  1. byRyan

    Joined: Dec 1969

    +4

    nike?

    and is there even a real person named Nike? Who would do that to their kid?

  1. testudo

    Joined: Dec 1969

    -3

    ummm

    Making the site a more serious threat is the fact that, due to not attempting an SSL connection, it is not automatically flagged by Extended Validation filters

    Isn't this true of any site that isn't https? They don't make a secure connection, so the browser doesn't tell you it isn't secure.

    I would think it would be "more of a threat" if it DID make an SSL connection.

  1. Gazoobee

    Joined: Dec 1969

    +5

    one of these days ...

    ... there is going to be a hacker with the skill to do this kind of stuff who also knows how to read and write English.

    Then we are in trouble.

  1. ajhoughton

    Joined: Dec 1969

    -1

    skill? what skill?

    Skill? What skill? Any idiot can set something like this up; you don't have to know much about anything to do so. Especially in this case, since whoever did it didn't even bother with SSL (which complicates matters somewhat).

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softb ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...

Leitz Icon Label Printer

When you say the words "label printer" to people, they either just really don't care, or they get incredibly excited. This is one o ...

toggle

Most Commented