
MobileMe users hit by phishing scam

A scammer is targeting MobileMe users with an email purporting to be from Apple. The email claims there are problems with the user's subscription renewal information, and directs them to a web site that asks them to reenter their credit card information.

The email (below) appears to come from no-reply@me.com, and looks fleetingly like something Apple might send, although the outdated graphics come from .Mac marketing materials.

Rather than directing users to log in to their actual account at me.com and enter the SSL-protected account details area, the phishing email links to a fraud site at http://natwestbgroups.com/www.apple.com/update.html.

That domain name was registered just three weeks ago through Name.com, a registrar in Hong Kong, to "Pak Groups." The DNS registration for the domain points to Madih-ullah Riaz in Karachi, Pakistan, and cites a phone number and Microsoft Live Hotmail address.

Following the link takes users to a site that resembles Apple's site (below), in part because it directly uses Apple's graphics, JavaScripts, and CSS stylesheets to draw the page. The fake site also cites Apple's real customer service phone number and links to other legitimate pages.

MobileMe fraud site

However, clicking on 'continue' draws a dysfunctional verification page (below) and forwards any entered information to the scammer, identified as "Jude" by the webhost. The actual domain hosting the fraud site was laid out using Microsoft's FrontPage entry-level web editing tool.

MobileMe fraud site 2

Users should always pay special attention to the URL specified by any hyperlinks in emails they receive. The best way to avoid being scammed is to manually type in the URL of the site you wish to visit, as it is possible to spoof URL listings in the browser just like the fake "from" address in the email above. Hovering over the email link in Mail would reveal that it does not link to Apple.com, but rather a fraudulent website (below).

MobileMe fraud Mail
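
The hover check described above can be automated. The following is an added example, not code from the original article: it parses the links in an HTML email and flags any whose real host is not an Apple domain while the path or the visible link text names one, which is the pattern in the fraud URL quoted earlier. The trusted-domain list, the helper names, and the sample message (apart from the fraud URL itself) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("apple.com", "me.com")  # assumption: hosts treated as genuine

def host_is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def mentions_trusted(text):
    # Split into hostname-like tokens so "name.com" does not match "me.com".
    return any(host_is_trusted(t) for t in re.split(r"[^a-z0-9.-]+", text.lower()))

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links: [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def audit_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href.strip())
        if url.scheme not in ("http", "https") or host_is_trusted(url.hostname):
            continue
        reasons = []
        if mentions_trusted(url.path + "?" + url.query):
            reasons.append("trusted domain in path or query, not in host")
        if mentions_trusted(text):
            reasons.append("visible link text names a trusted domain")
        if reasons:
            findings.append((url.hostname, reasons))
    return findings

# Constructed sample message; only the first href is taken from the article.
SAMPLE = ('<a href="http://natwestbgroups.com/www.apple.com/update.html">www.apple.com</a>'
          '<a href="https://www.me.com/account">Account</a>')
```

Calling `audit_links(SAMPLE)` reports only the first link, with both reasons attached; the genuine me.com link is skipped because its host, not its path, is what matches.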



41 Comments

joelesler 18 Years · 21 comments

Already been done, blogged, and resolved with Apple. This is just an update to the same old email.

http://blog.joelesler.net/2008/07/ma...t-aint-so.html

crees! 21 Years · 501 comments

I posted some info with colorful language just for kicks.

prince 19 Years · 90 comments

Quote:
Originally Posted by joelesler

Already been done, blogged, and resolved with Apple. This is just an update to the same old email.

http://blog.joelesler.net/2008/07/ma...t-aint-so.html

Yes, this is a new attempt with different text. Did your report note the source of the scam, and was it the same? Also, how do you figure this has been "resolved with Apple," considering that anyone receiving the email could fall for it without any intervention possible by Apple?

bryand 18 Years · 78 comments

Quote:
Originally Posted by Prince

Yes, this is a new attempt with different text. Did your report note the source of the scam, and was it the same? Also, how do you figure this has been "resolved with Apple," considering that anyone receiving the email could fall for it without any intervention possible by Apple?

Having learned of this attack, it should be quite easy for Apple to simply filter out the email from any MobileMe accounts to ensure that it isn't delivered to anyone else.

fuyutsuki 19 Years · 293 comments

Nat West is a large UK bank. Sounds like this guy had another target in mind when he registered that domain.