Never miss an update Follow AppleInsider
Thursday, February 26, 2009, 08:00 am
New phishing scam targets MobileMe users
In another attempt to con MobileMe users into providing their credit card information, a scammer has sent out spam spoofed to appear to come from Apple, which directs users to a fake site designed to look like Apple's. Users who follow the email link and enter their information on the poorly formatted, fake Apple web page will be sorry.The phony email
While sent with a spoofed sender address of noreply@me.com, the spam's headers indicate that it actually appears to originate from gamma.oxyhosts.com, a server operated by a web hosting outfit from the UK. The email contains formatting errors that should immediately tip off users, and directs to a sketchy URL: http.apple-billing.me.uk. The email's headers that indicate it was sent using Outlook Express, but those are only visible when the user examines the phony email's raw headers.
Of course, Apple itself has also sent out official MobileMe notices containing the same formatting error (below). Apple also doesn't sign or encrypt its official emails to users, a step that might help in thwarting the regular phishing attempts that target MobileMe users. While Apple pioneered certificate based security in iChat messaging for its MobileMe users, it has been a laggard in making it easy for users to sign and encrypt their MobileMe email using certificates issued by Apple, despite support in Mail and most other modern email clients to handle this.
The significant difference in the real message from Apple over the phony spam is that Apple's official email cites the account's User Name, the ending digits of their credit card number, and directs the user to navigate to MobileMe themselves to correct their information within the online account section, rather than providing a link to follow. Doing so would result in the user initiating a MobileMe web session secured via SSL before they are ever prompted to enter their private account information.
The phony website
There is no SSL security on the fake site users are directed to by the spam (pictured below). The fraud site is hosted by me.uk, a domain not affiliated with Apple, but which might sound reasonably correct to many users. The domain appears to be registered to "Nike Jegart, co 9 Vista Estrella South, Lamy, NM 87540."
Were the site to attempt to initiate an SSL connection, the EV (Extended Validation) phishing filters in most modern browsers might flag the site as suspicious, but that type of safeguard does nothing when no SSL session is even attempted. The formatting of the phony Apple Store page does raise some obvious red flags, but users shouldn't expect spammers to continue to flub in their phishing efforts.
As with any unsolicited email-based requests for identity or billing information, users should be cautious and suspicious. Verify that the browser has initiated an SSL connection and that the URL appears correct (although it can be easy to spoof the URL itself so that it appears to be legitimate). The best practice is to navigate to the billing site yourself rather than following an email-supplied link, even if the email appears to be legitimate.
In related news, Apple this week announced a number of improvements to MobileMe's web applications, which were detailed on AppleInsider's backpage blogs on Wednesday.
On Topic: Software
- Avid announces Pro Tools 11 and Media Composer 7 for Mac & PC
- Adobe releases Lightroom 4.4 and Camera Raw 7.4 after month of testing
- New release candidates for Adobe's Lightroom and Camera Raw bring bug fixes, added camera support
- Apple to lock iOS app screenshots upon submission to halt scammers
- Firefox 18 launches with support for Retina display Macs
Previous Comments View All
Well, anytime I see this kind of font, I immediately have a feeling in my gut that something is phony, especially when this is supposed to come from Apple.
I'm sorry for all those who fell for it.
The formatting error would've made even the official Apple email suspicious - if it had provided a link, I wouldn't have clicked it I think...
But yeah: give us a way to sign our mails! You are providing a certificate already for iChat, so why not use this too for email?
Comment out of date 
This is where 1Password comes in-handy for those times you take your eye off the ball.
Quote:
Originally Posted by crees! 
This is where 1Password comes in-handy for those times you take your eye off the ball.
This is where 1Password comes in-handy for those times you take your eye off the ball.
Thanks for tip. I had never heard of this till Safari 4 came out and people said it broke it. I must look into it.
What I don't understand is, how did they get the last 4 digits of people's credit cards, or are they the same on every e-mail?
Quote:
Originally Posted by razorpit
What I don't understand is, how did they get the last 4 digits of people's credit cards, or are they the same on every e-mail?
What I don't understand is, how did they get the last 4 digits of people's credit cards, or are they the same on every e-mail?
That email is the real deal from apple, the others are fake.
Quote:
Originally Posted by razorpit
What I don't understand is, how did they get the last 4 digits of people's credit cards, or are they the same on every e-mail?
What I don't understand is, how did they get the last 4 digits of people's credit cards, or are they the same on every e-mail?
The scam email doesn't appear to have that on it. The example of the real
email from Apple does show it.
you see minor errors in non-english speaking counterpart's writing right away how come you send your credit card data on the request signed 'MobileMe' (Apple) yet lacking periods and spaces and mistaking letter case here and there
Quote:
Originally Posted by AppleInsider
Users who follow the email link and enter their information on the poorly formatted, fake Apple web page will be sorry.
Users who follow the email link and enter their information on the poorly formatted, fake Apple web page will be sorry.
Is that how the new disclaimers for everything will read now? "People who attempt these stunts will be sorry". "People who buy a Windows machine and expect too much from it will be sorry".
Latest Apple Headlines
-
New service delivers passes for Apple's Passbook via text message
~12 seconds ago -
Steve Jobs's family has been giving money away anonymously for more than 2 decades
~1 hour ago -
Judge says evidence will likely show Apple culpable in e-book price fixing case
~7 hours ago -
AT&T to reportedly add Apple's iPhone to GoPhone prepaid lineup
~9 hours ago -
Apple airs new iPhone ad, continues brilliant 'quiet' TV campaign
~9 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
I consider myself to be very computer savvy - I work on computers all day and advise others on computer related issues - and I almost fell for one of these scams related to PayPal. I had just placed an order using PayPal and I got an email along the line of this one asking for updated billing info - and I clicked the link and filled out the page and just as I was about to hit the send button I noticed the URL was some goofy thing like members.isp.com-someusername etc - and immediately closed the page - opened a new browser session and logged into my PayPal account - and checked that everything was correct. This was a couple years ago so the browsers were not as good as alerting you to this kind of problem - but as mentioned in the article if the site does not try to use SSL then the flags may not be raised. Another way to check on the authenticity of the email is to view the internet headers - sometimes they give away some info that might be hidden in the standard email. Of course that takes time - your advice to not use the email but rather to open a browser and put in the proper URL yourself is the best way to go.