Feeds

Apple faithful snared in phishing scam targeting Mac.com users

More MobileMe carnage

Providing a secure and efficient Helpdesk

Hundreds of Mac users have been snared in a phishing scam that coincided with the glitches in the roll-out Apple's MobileMe service.

Names of Apple customers traded in underground forums

Data obtained by CardCops, a credit card protection service owned by the Affinion Group, shows sensitive information belonging to several hundred people with Mac.com email addresses being traded in underground forums frequented by identity thieves. The details include social security numbers, birth dates, mothers' maiden names, credit card numbers and other sensitive information.

The graphic to the right, which has been edited to remove personally identifying details, shows some of the data that's been available.

The information was phished using emails that began circulating around the same time Apple began its ill-fated transition from Mac.com to Me.com. The scams bore subjects such as "Billing problem." Following the link as recently as Tuesday while using Apple's Safari browser, we were taken to an authentic-looking page purporting to belong to Apple. It asked users to reinstate their accounts by entering a dizzying array of personal details. (Interestingly, while Internet Explorer warned us the page was a scam, neither Safari nor Firefox flagged it.)

Among those who took the bait was someone in Desiree Holtadams's home. She said the confusion caused by the MobileMe transition caused her to lower her guard.

"I was wondering if they might have switched me over to MobileMe," she told The Reg. "A few weeks ago, there was no access to the Apple account at all for us."

An Apple representative didn't respond to an email requesting comment for this story.

Screenshot of spoofed Apple page

Several of the Mac.com victims we spoke to reported getting phishing emails purporting to come from iTunes. Evidently, Apple users are a popular target. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.