MobileMe users hit by phishing scam

The email (below) appears to come from [email protected], and looks fleetingly like something Apple might send, although the outdated graphics come from .Mac marketing materials.

Rather than directing users to login to their actual account at me.com and enter the SSL-protected accounts detail area, the phishing email links to a fraud site at http://natwestbgroups.com/www.apple.com/update.html.

That domain name was registered just three weeks ago from Name.com, a registrar in Hong Kong to "Pak Groups." The DNS registration for the domain points to Madih-ullah Riaz in Karachi, Pakistan, and cites a phone number and Microsoft Live Hotmail address.

Following the link takes users to a site that resembles Apple's site (below), in part because it directly uses Apple's graphics, JavaScripts, and CSS stylesheets to draw the page. The fake site also cites Apple's real customer service phone number and links to other legitimate pages.

However, clicking on 'continue' draws a dysfunctional verification page (below) and forwards any entered information to the scammer, identified as "Jude" by the webhost. The actual domain hosting the fraud site was laid out using Microsoft's FrontPage entry level web editing tool.

Users should always pay special attention to the URL specified by any hyperlinks in emails they receive. The best way to avoid being scammed is to manually type in the URL of the site you wish to visit, as it is possible to spoof URL listings in the browser just like the fake "from" address in the email above. Hovering over the email link in Mail would reveal that it does not link to Apple.com, but rather a fraudulent website (below).