or Connect
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › Email scam targets MobileMe users with iCloud upgrade bait
New Posts  All Forums:Forum Nav:

Email scam targets MobileMe users with iCloud upgrade bait

post #1 of 26
Thread Starter 
Scammers are trying to trick Apple's existing MobileMe subscribers into providing credit card information, purportedly to migrate to the new iCloud service, in a new spam campaign that echoes previous attempts.

The email asks MobileMe members to "Please sign up for iCloud and click the submit botton [sic], you'll be able to keep your old email address and move your mail, contacts, calendars, and bookmarks to the new service.

"Your subscription will be automatically extended through July 31, 2012, at no additional charge.
After that date, MobileMe will no longer be available."



The email provides a link inviting users to "click here to update iCLOUD," but the link actually directs to "flowerpotss.biz," where a phony page asks users to supply their credit card information rather than perform a "no charge" sign up.



Apple has indicated that existing MobileMe users will be able to upgrade, once the service becomes publicly available, after simply logging into their existing account. Users should never supply their account information or credit card details in response to an email.

It's always safer to navigate to online services directly or using a bookmark. Apple never requests users to click a link to enter or "verify" their credit card information.
post #2 of 26
I got this one and sent an immediate warning e-mail to family-friends...

It has a legitimate look to it... But of course wants credit card info to convert to iCloud... yeah right...

ken
post #3 of 26
Quote:
Originally Posted by kenliles View Post

I got this one and made and e-mailed an immediate warning to family-friends about it

It has a legitimate look to it... But of course wants credit card info to convert to iCloud... yeah right...

ken

I don't think some Apple users will find the need to supply credit card info at all suspicious since one is requested when you first activate your account. It's such a simple scam, but it's probably going to make a lot of money in a very short time.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #4 of 26
Did they really think they would fool people with the "Apple store" thing? They could have at least capitalized the word "store." Or spelled "button" correctly.
post #5 of 26
Quote:
Originally Posted by autism10 View Post

Did they really think they would fool people with the "Apple store" thing? They could have at least capitalized the word "store." Or spelled "button" correctly.

Apple now is targeting very unsophisticated users. My guess is that lots of Apple customers will fall for it. Mom and pop are not tech savvy, but they have credit cards with large limits.
post #6 of 26
Quote:
Originally Posted by autism10 View Post

Did they really think they would fool people with the "Apple store" thing? They could have at least capitalized the word "store." Or spelled "button" correctly.

You do read posts here, correct? You really think spelling is a strong point for some
users? A good percentage may not notice the errors so apparent to some others.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #7 of 26
Cant even spell Nane right!... Has Scam written al over it but still will fool A LOT of people
post #8 of 26
Quote:
Originally Posted by T1gger View Post

Cant even spell Nane right!... Has Scam written al over it but still will fool A LOT of people

That was on purpose, right?
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #9 of 26
Quote:
Originally Posted by T1gger View Post

Cant even spell Nane right!... Has Scam written al over it but still will fool A LOT of people

Quote:
Originally Posted by Gatorguy View Post

That was on purpose, right?

Right.
post #10 of 26
Quote:
Originally Posted by AppleInsider View Post

Scammers are trying to trick Apple's existing MobileMe subscribers into providing credit card information, purportedly to migrate to the new iCloud service, in a new spam campaign that echoes previous attempts....

The easiest way to tell it's a scam is to hover over the link, but then iOS doesn't let one hover.

Could be a problem.
post #11 of 26
Quote:
Originally Posted by Prof. Peabody View Post

The easiest way to tell it's a scam is to hover over the link, but then iOS doesn't let one hover.

Could be a problem.

You have to be pretty naive to not know to look for the secure icon or the https:// before giving up your credit card. Don't kids teach their parents that still?

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #12 of 26
Frankly, anyone stupid enough to fall for this deserves what they get.
post #13 of 26
whois
Quote:
Domain Name: FLOWERPOTSS.BIZ
Domain ID: D46230628-BIZ
Sponsoring Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM)
Sponsoring Registrar IANA ID: 113
Registrar URL (registration services): whois.joker.com
Domain Status: clientTransferProhibited
Registrant ID: CNEU-210417
Registrant Name: Stephanie
Registrant Address1: 5158 Dry Creek Drive
Registrant City: Dublin
Registrant State/Province: Ohio
Registrant Postal Code: 43016
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +44.6143145107
Registrant Email: ehijie2002@live.com
Administrative Contact ID: CNEU-9305
Administrative Contact Name: GET FREE DOMAINS www.uk2.net
Administrative Contact Organization: UK-2 Ltd
Administrative Contact Address1: One Canada Square
Administrative Contact Address2: Canary Wharf
Administrative Contact City: London
Administrative Contact State/Province: --
Administrative Contact Postal Code: E14 5DY
Administrative Contact Country: UNITED KINGDOM
Administrative Contact Country Code: GB
Administrative Contact Phone Number: +20.79871200
Administrative Contact Email: hostmaster@uk2.net
Name Server: ULTRA103.UK2.NET
Domain Registration Date: Tue Aug 02 08:09:38 GMT 2011

Registrant City: Dublin
Registrant State/Province: Ohio
Registrant Phone Number: +44.6143145107
Not even a legit US phone number. (If, somehow, area code was 446, it's Colorado, plus the first digit won't be 1 assuming 07 is an extension)
Why the F are domain registrars allowed to accept this blatantly dishonest crap?
post #14 of 26
The "+44" is an internationally-accepted way to specify a phone number in Britain.

I'm not saying that the number itself is valid, but that *is* the standard way to represent a U.K. phone number in settings such as this. Just so you know.

The "+20" later on is bogus, to be sure. It also should have the "44" to be valid.
post #15 of 26
Do'h! I apologize for being a drooling idiot.
Well, it's is a cell phone in Columbus OH at least. But someone should have had to confirm a real "Stephanie".

Frankly, if domain registrars were held legally responsible for doing due diligence in preventing phony personas, scams would get a bit harder.
post #16 of 26
Quote:
Originally Posted by Slang4Art View Post

Frankly, anyone stupid enough to fall for this deserves what they get.

Dickhead.
post #17 of 26
Quote:
Originally Posted by Stourque View Post

Last post.

Honestly, what? What in the world makes you think that kind of response is an acceptable reply to what he said?

Or maybe you fell for it and are lashing out.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #18 of 26
Apple already has my credit card details, so why would I supply them again?

It's like an email from a bank asking for a password, they already have it why would they need it again.

Sometimes all it needs is a little common sense.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #19 of 26
I'm really sick of hearing about these spammers. I guess if every country in the world sets up a death penalty for spamming will the problem alleviated.
post #20 of 26
Quote:
Originally Posted by OccamsAftershave View Post

Domain Name: FLOWERPOTSS.BIZ
Domain ID: D46230628-BIZ
Sponsoring Registrar: CSL COMPUTER SERVICE (D.B.A. JOKER.COM)
Sponsoring Registrar IANA ID: 113
Registrar URL (registration services): whois.joker.com
Domain Status: clientTransferProhibited
Registrant ID: CNEU-210417
Registrant Name: Stephanie
Registrant Address1: 5158 Dry Creek Drive
Registrant City: Dublin
Registrant State/Province: Ohio
Registrant Postal Code: 43016
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +44.6143145107
Registrant Email: ehijie2002@live.com
Administrative Contact ID: CNEU-9305
Administrative Contact Name: GET FREE DOMAINS www.uk2.net
Administrative Contact Organization: UK-2 Ltd
Administrative Contact Address1: One Canada Square
Administrative Contact Address2: Canary Wharf
Administrative Contact City: London
Administrative Contact State/Province: --
Administrative Contact Postal Code: E14 5DY
Administrative Contact Country: UNITED KINGDOM
Administrative Contact Country Code: GB
Administrative Contact Phone Number: +20.79871200
Administrative Contact Email: hostmaster@uk2.net
Name Server: ULTRA103.UK2.NET
Domain Registration Date: Tue Aug 02 08:09:38 GMT 2011

Nice little house you have there, "Stephanie". Could that knock at your front door be the FBI?

I admit to being a Fanatical Moderate. I Disdain the Inane. Vyizderzominymororzizazizdenderizorziz?

Reply

I admit to being a Fanatical Moderate. I Disdain the Inane. Vyizderzominymororzizazizdenderizorziz?

Reply
post #21 of 26
Quote:
Originally Posted by Tallest Skil View Post

Honestly, what? What in the world makes you think that kind of response is an acceptable reply to what he said?

Or maybe you fell for it and are lashing out.

Stourque is right. What the previous poster Slang4Art said is akin to "if she got raped it's her problem she was too skimpily dressed". So I second his harsh words.

Naivity should not be responded to with "too bad her problem" but education and security features. If I did not know you for your usual intelligent posts, I'd think you scam for a living

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

 

http://m.ign.com/articles/2014/07/16/7-high-school-girls-are-kickstarting-their-awa...

Reply
post #22 of 26
Quote:
Originally Posted by lightknight View Post

Stourque is right. What the previous poster Slang4Art said is akin to "if she got raped it's her problem she was too skimpily dressed". So I second his harsh words.

While that example is, of course, completely right, it's fundamentally different from this thread's topic and so the point stands.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #23 of 26
Quote:
Originally Posted by Kibitzer View Post

Nice little house you have there, "Stephanie". Could that knock at your front door be the FBI?

post #24 of 26
Quote:
Originally Posted by Tallest Skil View Post

Honestly, what? What in the world makes you think that kind of response is an acceptable reply to what he said?

Or maybe you fell for it and are lashing out.

No, I didn't fall for it, but it is easy to see how some might. In any case, to say that someone deserved to be ripped off - well I thought I used the appropriate term.
post #25 of 26
Quote:
Originally Posted by Prof. Peabody View Post

The easiest way to tell it's a scam is to hover over the link, but then iOS doesn't let one hover.

Could be a problem.

Press and hold on a link. You then have two options "Go to address" and "Copy". However, above that, is usually the URL.
post #26 of 26
I actually finally registered after years of reading AppleInsider just to post this response.

As a systems administrator for a web hosting company I can tell you with almost 100% certainty that the person who owns the domain "flowerpotss.biz" is not the scammer. Web servers get hacked via vulnerabilities in content management systems all the time. Hackers and phishers get enough access to the server to place their sites in subfolders of existing, legit websites, usually because of outdated, vulnerable software or scripts on the server.

The important information is not the info you get from "whois" on the domain name, but the info you get from "whois" on the IP address that the name resolves to, because the web hosting company needs to be alerted that one of their servers in compromised and needs a phishing site cleaned off of it.

In this case, the hosting provider, uk2.net disabled the entire site, but that does not mean that some lady from Ohio who owned the domain name was the scammer. When I received the phishing email on Friday, it was clear that outside of the URL that the link pointed to, there was a normal site trying to sell gardening supplies.

The point is that the person who owned "flowerpotts.biz" is having a bad enough time what with having their website hacked and then closed. Let's not also make them public targets just because someone in the tech chain didn't update their Joomla or MySQL or something.

Just sayin.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPod + iTunes + AppleTV
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › Email scam targets MobileMe users with iCloud upgrade bait