Intego posted an alert on the scam earlier this week, noting that the first emails appeared to have gone out on or around Christmas Day. The phishing email purports to come from "appleid@id.apple.com" and informs recipients that their billing information records are "out of date."
Customers are directed to click on a link to http://store.apple.com, but they are instead redirected to a "realistic-looking sign-in page," according to the security firm's report.
Though phishing scams targeting Apple customers are by no means new, this particular scam has attracted attention because it is unusually detailed in its efforts to deceive. The email makes use of the Apple logo and shading and employs better formatting than similar frauds in the past.
As a precautionary measure, users should remember not to click directly on links from email messages and instead navigate to the website in question on their own.
Phishing email seeking AppleID billing information. Credit: Intego.
In August, scammers set out to trick Apple's MobileMe subscribers into upgrading to the then-forthcoming iCloud service. Around the Thanksgiving holiday, another scam cropped up falsely advertising an iTunes gift certificate that was actually malware meant to pilfer passwords and other personal information.
Mac users were also the target of an elaborate hoax involving fake anti-virus software, usually dubbed MacDefender, earlier this year. The application would automatically download itself onto users' computers in an attempt to obtain their credit card information. Russian police later found evidence tying the scam to online payment service Chronopay.
20 Comments
Anyone with a half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.
Anyone with a half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.
These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.
Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.
Looks like the scammers are being more careful about spelling and grammar, though there's still a few mistakes.
Some of the phish emails I've received have such horrible writing that you wonder if it was written using Google Translate from Chinese. I bet the scammers would do a lot better if they hired native English speakers to write their E-mails.
And how come there's so few native-English speaking scammers anyway? The US, Canada, UK, Australia, etc. have their fair share of criminals after all!
The US, Canada, UK, Australia, etc. have their fair share of criminals after all!
We have more than our fair share, thank you, but they all run banks.
My first thought: "Pffst... who would be dumb enough to fall for this?"
Second thought: "Crap! My elderly parents and their parents have Apple accounts, and they believe Nigeria has a couple thousand deposed princes. Doh!"
EDIT: Is it a coincidence that my post was preceded by a spammer who is advertising cheap wedding dresses?
EDIT 2: Cool, they 86'd it.