A scammer is targeting MobileMe users with an email purporting to be from Apple. The email claims there are problems with the user's subscription renewal information, and directs them to a web site that asks them to reenter their credit card information.
Rather than directing users to log in to their actual account at me.com and enter the SSL-protected account details area, the phishing email links to a fraud site at http://natwestbgroups.com/www.apple.com/update.html.
That domain name was registered just three weeks ago through Name.com, a registrar in Hong Kong, to "Pak Groups." The DNS registration for the domain points to Madih-ullah Riaz in Karachi, Pakistan, and cites a phone number and Microsoft Live Hotmail address.
Following the link takes users to a site that resembles Apple's site (below), in part because it directly uses Apple's graphics, JavaScript, and CSS stylesheets to draw the page. The fake site also cites Apple's real customer service phone number and links to other legitimate pages.
However, clicking on 'continue' draws a dysfunctional verification page (below) and forwards any entered information to the scammer, identified as "Jude" by the webhost. The actual domain hosting the fraud site was laid out using Microsoft's FrontPage entry-level web editing tool.
Users should always pay special attention to the URL specified by any hyperlinks in emails they receive. The best way to avoid being scammed is to manually type in the URL of the site you wish to visit, as it is possible to spoof URL listings in the browser just like the fake "from" address in the email above. Hovering over the email link in Mail would reveal that it does not link to Apple.com, but rather a fraudulent website (below).
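The hover check described above can be automated for an HTML message body. The following is an added example, not code from the article or from Apple: it flags links whose real host is outside a trusted list while a trusted name shows up in the URL path or in the visible link text. The trusted list, the function names and the sample body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)  # finds host-shaped strings

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def names_trusted(text, trusted):
    return any(in_domain(h, d) for h in HOSTLIKE.findall(text) for d in trusted)

def audit_links(html, trusted=("apple.com", "me.com")):
    """Return (host, reasons) for links that borrow a trusted name but go elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if any(in_domain(host, d) for d in trusted):
            continue  # the link really goes to a trusted host
        checks = (("trusted domain in path, not host", parts.path + " " + parts.query),
                  ("link text shows a trusted domain", text))
        reasons = [why for why, s in checks if names_trusted(s, trusted)]
        if reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample body; only the first href is the one quoted in the article.
SAMPLE = ('<a href="http://natwestbgroups.com/www.apple.com/update.html">'
          'http://www.apple.com/mobileme</a> '
          '<a href="https://www.me.com/account">Log in</a>')
```

Calling `audit_links(SAMPLE)` reports only the first link, with both reasons, because the host that the browser will actually contact is natwestbgroups.com and "www.apple.com" is just a directory name on it.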
41 Comments
Already been done, blogged, and resolved with Apple. This is just an update to the same old email.
http://blog.joelesler.net/2008/07/ma...t-aint-so.html
I posted some info with colorful language just for kicks.
Yes, this is a new attempt with different text. Did your report note the source of the scam, and was it the same? Also, how do you figure this has been "resolved with Apple," considering that anyone receiving the email could fall for it without any intervention possible by Apple?
Having learned of this attack, it should be quite easy for Apple to simply filter out the email from any MobileMe accounts to ensure that it isn't delivered to anyone else.
Nat West is a large UK bank. Sounds like this guy had another target in mind when he registered that domain.