
Scammers steal from users' PayPal accounts through Apple's iTunes

post #1 of 36
Thread Starter 
A phishing scam relies on hijacking users' iTunes accounts linked to PayPal, giving thieves the ability to drain money from someone's online account [updated].

Update: Various users have reported being charged thousands of dollars through the scam, in which the charges are made to an iTunes account through PayPal. While the problem was reported as a "major security hole" associated with iTunes accounts by TechCrunch Monday, John Paczkowski of Digital Daily reported that it's actually a phishing scam that's been around for some time.

"Sources close to Apple tell me iTunes has not been compromised and the company isn't aware of any sudden increase in fraudulent transactions," he wrote.

PayPal has said it is reimbursing customers for the fraud, but added that the problem "is happening on the iTunes side." Further questions about the scam were referred to Apple.

An Apple spokesperson told the San Jose Mercury News that the company is aware of the problem.

"Among other new security measures iTunes now requires more frequent re-entry of a customer's credit card security code," the spokesperson said. "But if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately."

Earlier this summer, iTunes was hit by developer and account fraud, which some developers used to boost their sales rankings. Apple said, in that incident, that only 400 accounts were compromised of the more than 150 million active iTunes users.

This month, Apple also bolstered the security of its Apple ID accounts, which are shared by iTunes. Users must verify their account information when they log into new devices, and new iTunes account passwords must have at least 8 characters with mixed capitalization.
post #2 of 36
This is old news but I would tell my fellow iTunes users to use anything with the shift key to prevent keylogging or password cracking. They will only go after the naive and simplistic regarding tech. This, alone, will increase the odds for password encryption.
post #3 of 36
Somehow I ended up with three different iTunes accounts. I wish I could merge them like you can on Network Solutions. Anyway after this news I went into all of the accounts and disabled all the credit info. iTunes is just too big of a target right now. When I first got a Paypal account I made sure to link it to a new bank account which I keep very little money in just as a precaution.

Life is too short to drink bad coffee.

post #4 of 36
Nothing in these articles points to any security flaw in Apple's software. These cases appear to be people who had their login name and password stolen from somewhere else (typically by phishing emails or by keyloggers on an infected Windows PC). The thief then logged into iTunes with VALID credentials and used them to generate bogus charges.
post #5 of 36
Quote:
Originally Posted by mstone

When I first got a Paypal account I made sure to link it to a new bank account which I keep very little money in just as a precaution.

PayPal has so many more problems than iTunes.
post #6 of 36
Quote:
Originally Posted by ilo

Nothing in these articles points to any security flaw in Apple's software.

"PayPal has said it is reimbursing customers for the fraud, but added that the problem "is happening on the iTunes side." Further questions about the scam were referred to Apple.

An Apple spokesperson told the San Jose Mercury News that the company is aware of the problem, and working on a fix."

If there is no security flaw in Apple's software, then how are they working on a fix? They say that they are aware of the problem, but you think that no problem exists?

Sorry, but I will believe Apple. Every time.
post #7 of 36
Quote:
Originally Posted by Chris_CA

PayPal has so many more problems than iTunes.

No kidding... PayPal is a nightmare.
They don't need the help of phishers to take someone's account away.

Like the other fellow, my PayPal is linked to a dedicated and empty bank account.
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
post #8 of 36
Quote:
Originally Posted by ilo

Nothing in these articles points to any security flaw in Apple's software. These cases appear to be people who had their login name and password stolen from somewhere else (typically by phishing emails or by keyloggers on an infected Windows PC). The thief then logged into iTunes with VALID credentials and used them to generate bogus charges.

Try again.
post #9 of 36
One more reason why I dropped PayPal years ago and have never looked back.
A.k.a. AppleHead on other forums.
post #10 of 36
It's just Phishing.

http://digitaldaily.allthingsd.com/2...ullible-users/
post #11 of 36
Sorry there is no hole in iTunes in this case. People gave someone their userid and password and that was then used to buy stuff. Valid userid and password = valid access. Stop clicking on fake emails!
post #12 of 36
Quote:
Originally Posted by Robin Huber

One more reason why I dropped PayPal years ago and have never looked back.

I've used PayPal all the time for years without a problem. It's all about having strong and regularly changed passwords. In fact, these days, the whole security thing is about weak passwords and human engineering (phishing). My bank now has an optional RSA SecurID fob that requires a four digit pin code followed by a six digit passcode that changes every 60 seconds. In effect my password changes every 60 seconds. I have used the same SecurID card at my workplace for over a decade now. Even if there's a key logger installed, even if I give away my pin number, my password still changes every 60 seconds. The bad guy has to have my SecurID fob in his physical possession to get into my accounts.
post #13 of 36
Quote:
Originally Posted by lkrupp

In effect my password changes every 60 seconds.



That sounds way to complicated. Apple would never do anything like that.

Instead, I bet that they will come up with something that changes the entire security industry forever. They will make it easy enough for a 4 year old to use.
post #14 of 36
Quote:
Originally Posted by madla

Sorry there is no hole in iTunes in this case. People gave someone their userid and password and that was then used to buy stuff. Valid userid and password = valid access. Stop clicking on fake emails!

Apple says different, and I believe Apple.
post #15 of 36
I say PayPal is the problem and they're not fessing up.

Proud AAPL stock owner.

 

GOA

post #16 of 36
Quote:
Originally Posted by SpamSandwich

I say PayPal is the problem and they're not fessing up.

I say human beings who can't tell a phishing scam from a legitimate email are the problem and THEY'RE not fessing up.
post #17 of 36
Quote:
Originally Posted by SendMe

Apple says different, and I believe Apple.

I'd like to have a look at that Kool-Aid you are holding.
Same Apple. Same Mac. Different Take. Different Place. http://Applemacness.com
post #18 of 36
Rather strange that it seems to be limited to iTunes users using PayPal accounts.
post #19 of 36
Quote:
Originally Posted by lkrupp

I've used PayPal all the time for years without a problem. It's all about having strong and regularly changed passwords.

It's not about people getting access to your account.
It's about (lack of and poor) customer service.
Try to get refund or credit for something not received is a crap shoot.

From the article - "PayPal has said it is reimbursing customers for the fraud, but added that the problem "
Many people have simply been told that it is NOT PayPal's problem and that they would not refund anything or do anything to help the customer.

Many more horror stories about PayPal than there are for Apple/iTunes.
post #20 of 36
Quote:
Originally Posted by AppleInsider

it's actually a phishing scam that's been around for some time.




<Emily Litella>

Oh! Well that's different, then.

Never mind!

</Emily Litella>
post #21 of 36
Quote:
Originally Posted by SendMe

That sounds way to complicated. Apple would never do anything like that.

Instead, I bet that they will come up with something that changes the entire security industry forever. They will make it easy enough for a 4 year old to use.

A four year old probably knows the difference between to and too.
Use duckduckgo.com with Safari, not Google Search
Been using Apples since 1978 and Macs since 1984
Long on AAPL so biased. Strong advocate for separation of technology and politics on AI.
post #22 of 36
Quote:
Originally Posted by SendMe

<Emily Litella>

Oh! Well that's different, then.

Never mind!

</Emily Litella>


post #23 of 36
Quote:
Originally Posted by Chris_CA

PayPal has so many more problems than iTunes.

I think the world needs something like Paypal because they offer to the common individual the ability to accept credit cards.

Life is too short to drink bad coffee.

post #24 of 36
Quote:
Originally Posted by mstone

I think the world needs something like Paypal because they offer to the common individual the ability to accept credit cards.

OK.
I never said there was not a place for a system like PayPal.
Just that PayPal would just as soon cheat you as help you.
post #25 of 36
I wonder what kind of computers the victims were using....
post #26 of 36
Quote:
Originally Posted by Chris_CA

OK.
I never said there was not a place for a system like PayPal.
Just that PayPal would just as soon cheat you as help you.

How often do you use PayPal? I have used PayPal over 200 times in the last 3 years without any problems.
post #27 of 36
Quote:
Originally Posted by TheShepherd

How often do you use PayPal?

I think I have used it maybe two times. like 5 or 6 years ago.
Quote:
I have used PayPal over 200 times in the last 3 years without any problems.

Then it must be safe?

-> Google - PayPal problems

110,000,000 hits
post #28 of 36
Quote:
Originally Posted by striker_kk

i'd like to have a look at that kool-aid you are holding.

=fail
post #29 of 36
Quote:
Originally Posted by westech

I wonder what kind of computers the victims were using....

I would say around there is a 90% chance they were using Windows PCs simply because of the market share but it's likely that Mac\Linux were over represented due to IE being the most secure browser in regards to this kind of attack.........

*runs and hides*

post #30 of 36
I only ever use iTunes pre-paid gift cards now to make purchases as I just don't trust internet banking.
post #31 of 36
Quote:
Originally Posted by SendMe

That sounds way to complicated. Apple would never do anything like that.

Instead, I bet that they will come up with something that changes the entire security industry forever. They will make it easy enough for a 4 year old to use.

Isn't that like that old joke "Design something even an idiot can use and only an idiot will use it"?
post #32 of 36
Quote:
Originally Posted by Shaun, UK

I only ever use iTunes pre-paid gift cards now to make purchases as I just don't trust internet banking.

After this first hit the news wires I did the same and made my password a 12 character long thing.
post #33 of 36
Quote:
Originally Posted by Firefly7475

I would say around there is a 90% chance they were using Windows PCs simply because of the market share but it's likely that Mac\Linux were over represented due to IE being the most secure browser in regards to this kind of attack.........

*runs and hides*


If we knew the answer to the question we might have real world data on which platform is more secure regarding this form of attack.
post #34 of 36
Quote:
Originally Posted by Chris_CA

-> Google - PayPal problems

110,000,000 hits

Whether there are problems with PayPal, or the people who run it, or not, the number of search hits on any given phrase does not constitute a supporting fact for any argument.
post #35 of 36
Quote:
Originally Posted by anonymouse

Whether there are problems with PayPal, or the people who run it, or not, the number of search hits on any given phrase does not constitute a supporting fact for any argument.

It wasn't based simply on the number of hits from a search. Go to the hits and read the stories and make your own call.

I suggest you continue to use it and be happy and feel safe and secure with it and don't complain when you get screwed over sometime in the future.
Just be happy that you had a good run prior to that time.
post #36 of 36
Just two little rules
It's called a password, and there are just two little rules about using passwords:

1. Make it really hard for anyone to guess, even if they know all about you.
2. Never give the password to anyone, even if they ask you politely in an email.

It's just that simple.