Computerworld was allowed to view the files and verified that the records found on the servers contained multiple "full profiles" including names, addresses, credit card numbers, card security numbers, birth dates, mother's maiden names, and e-mail addresses and passwords. There were approximately 300 profiles collected in one day, with 100-200 being mac.com addresses, according to Clements.

After contacting the victims CardCops were able to get a better idea of what actually happened. Clearly it was a phishing attack, but the timing was calculated to coincide with Apple's recent migration of its older .Mac service to the new MobileMe service. The timing appeared to increase the success rate for the phishers.

Earlier this week there were reports of messages that appeared to be sent by Apple to ask MobileMe users to re-enter their credit card information because of a billing problem. Many people didn't think twice about giving out their information. "Some of the users who we talked to were very sophisticated users. But they still fell for this attack," said Clements. Jovi Umawing of Trend Micro made similar observations, he said the message "looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away [it] away as a fake or scam." Links to legitimate Apple pages were even included in the mail.

Clements claimed another factor played a role: Apple users' high level of trust with the company. Another attack in May targeted iTunes users. The criminals used a similar tactic, claiming credit card problems required them to enter their information again to update their accounts.