AppleInsider › Forums › General › General Discussion › New scam digs for billing information from Apple customers

New scam digs for billing information from Apple customers

post #1 of 21
Thread Starter 
Security firms have issued warnings regarding a new "well-crafted" phishing scam that attempts to fool customers into providing their AppleID billing information.

Intego posted an alert on the scam earlier this week, noting that the first emails appeared to have gone out on or around Christmas day. The phishing email purports to come from "appleid@id.apple.com" and informs recipients that their billing information records are "out of date."

Customers are directed to click on a link to http://store.apple.com, but they are instead redirected to a "realistic-looking sign-in page," according to the security firm's report.

Though phishing scams targeting Apple customers are by no means new, this particular scam has attracted attention because it is unusually detailed in its efforts to deceive. The email makes use of the Apple logo and shading and employs better formatting than similar frauds in the past.

As a precautionary measure, users should remember not to click directly on links from email messages and instead navigate to the website in question on their own.

Phishing email seeking AppleID billing information. Credit: Intego.

In August, scammers set out to trick Apple's MobileMe subscribers into upgrading to the then-forthcoming iCloud service. Around the Thanksgiving holiday, another scam cropped up falsely advertising an iTunes gift certificate that was actually malware meant to pilfer passwords and other personal information.

Mac users were also the target of an elaborate hoax involving fake anti-virus software, usually dubbed MacDefender, earlier this year. The application would automatically download itself onto users' computers in an attempt to obtain their credit card information. Russian police later found evidence tying the scam to online payment service Chronopay.
post #2 of 21
Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.
You talkin' to me?
Reply
post #3 of 21
Quote:
Originally Posted by Dickprinter View Post

Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.

These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply
post #4 of 21
Looks like the scammers are being more careful about spelling and grammar, though there are still a few mistakes.

Some of the phish emails I've received have such horrible writing that you wonder if it was written using Google Translate from Chinese. I bet the scammers would do a lot better if they hired native English speakers to write their E-mails.

And how come there are so few native-English-speaking scammers anyway? The US, Canada, UK, Australia, etc. have their fair share of criminals after all!
post #5 of 21
Quote:
Originally Posted by zorinlynx View Post

The US, Canada, UK, Australia, etc. have their fair share of criminals after all!

We have more than our fair share, thank you, but they all run banks.
AppleInsider = Apple-in-cider. It's a joke!

I've used Macs since 1985 when I typed up my first research paper. Never used anything else, never wanted to.
Reply
post #6 of 21
My first thought: "Pffst... who would be dumb enough to fall for this?"

Second thought: "Crap! My elderly parents and their parents have Apple accounts, and they believe Nigeria has a couple thousand deposed princes. Doh!"

EDIT: Is it a coincidence that my post was preceded by a spammer who is advertising cheap wedding dresses?

EDIT 2: Cool, they 86'd it.
post #7 of 21
Quote:
Originally Posted by SolipsismX View Post

These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.

Good point, good simile and good habit. I do the same, also.
You talkin' to me?
Reply
post #8 of 21
Quote:
Originally Posted by Dickprinter View Post

Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.

Actually you do. Sort of. It depends on what account you are referring to.

If it's for iCloud then no. But if you want to download even just the free stuff with no credit card etc on file you still have to give your billing address.

But both can use the same Apple ID, thus you might get this email.

Fortunately most folks will not fall for this scheme, either because they realize that it could be fake or because they will be pissed at Apple for threatening to cancel their account ("after you told me to sign up for that iCloud business when I got my iPhone last month, and now you are just going to cancel my account and delete my contacts and the rest of it because I didn't give you a credit card") and find out that Apple didn't send that email.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #9 of 21
Online scammers, virus writers, spammers, etc. should be subject to the death penalty. A few visible instances of these vermin suffering the harshest possible punishment would make the rest of them think a little harder before doing the same.
post #10 of 21
Use of "..." is not something Apple would do, not formal enough.
"Billing Information" in the middle of a sentence? Wrong.
"Thanks," = no thanks.
"Dear customer," If I remember correctly, if it's an email, they usually include your first name?
post #11 of 21
While you all are making good points about the weaknesses in the email, they would have to be a great deal worse before they really mattered. If a person doesn't know what a phishing attack is then the occasional grammar mistake isn't going to be all that alarming, IMO.
post #12 of 21
I've been getting these for months; the last one was 30 Nov. That was "from" customerservice@apple.com. The text was slightly different:

Quote:
Dear Member,

It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

Please update your records within 24 hours. Once you have updated your account records, your account session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

Click on the reference link below and enter your login information on the following page to confirm your Billing Information records...
please go to http://store.apple.com to confirm your Billing Information records.

Thanks,
Apple Customer Support
post #13 of 21
Quote:
Originally Posted by AppleInsider View Post

As a precautionary measure, users should remember not to click directly on links from email messages and instead navigate to the website in question on their own.

The only problem with that is, Apple actually sends emails like this out from appleid@id.apple.com and they look very similar to this whenever you make certain changes to your account:

https://discussions.apple.com/thread...art=0&tstart=0
http://forums.macrumors.com/showthread.php?t=1254176

They actually request that you click on the verify link and enter your login and password, which is a bit irresponsible of them. You can tell the difference between the two emails as the wording is different with proper spelling and grammar in the legit one and they put your full name and email address into the email.

The redirect link for Apple goes to https://id.apple.com whereas the scam one goes to http://x.x.x.x - an unencrypted site with just an IP address:

http://venturebeat.com/2011/12/27/apple-phishing-scam/

Apple should not require a login for a verification link. No other online retailer I know of does this. Once you enter your login and password on a secure site and enter your details, they simply send out a verification link that doesn't require a login as they already assume you've typed it in correctly. In a way, Apple is being more secure as you might use a business email such as john.appleseed@apple.com and if your email is actually johnny.appleseed@apple.com then your verification email will go elsewhere meaning that this other person can reset your account password and bill your account.

The chances of someone having that problem are probably less likely than being taken in by a phishing scam so I'd say it's not a good method to verify an account is linked to a particular email address. They could even just send out a code that you have to enter into iTunes or their online profile to link the two up.
post #14 of 21
This isn't just targeting the "feeble", it's targeting the people who have a knee-jerk reaction to click through anything that "Apple" sends them.

Mind you, all my online purchasing is through gift cards so that is my suggestion if you really want to be safe. Granted, it limits you to less than $100 but if they get your CC number, who cares? The most they can scam from you is the balance on that card...
post #15 of 21
Quote:
Originally Posted by SolipsismX View Post

These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.

Many Mac users don't know they can hover over a link and check what it is ... I am forever warning folks I know to do this. Now I am re-sending them all a warning to do this. I know Apple cannot do anything about other companies' links, but I wonder if they could build in an OS-level check for their own financially secure links to literally ferret out a link claiming to be one of theirs being switched as a hidden link like this, and kill them.

I also question whether ICANN should allow the registration of domains that are more than likely aimed at misleading. It wouldn't take a brain surgeon to spot something that is likely to fall into that category.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
Reply
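Marvin's point above (the legitimate mail links to https://id.apple.com, the scam to an unencrypted bare IP address) and digitalclips's point about hovering over a link to see where it really goes can be turned into a mechanical check on a mail body. The following is an added example and not code from Intego, AppleInsider or any poster in this thread; the allow-list, the sample mail body and the 192.0.2.10 address in it are assumptions constructed for the example.

```python
"""Flag suspicious links in an HTML mail body (added example, not from Intego,
Apple or any poster in the thread).

Checks are the ones the thread describes: the visible link text says
http://store.apple.com while the href goes somewhere else (what hovering over
the link reveals), the real target is a bare IP address, and it is plain http
rather than https. The allow-list and the sample mail are constructed.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for this example: apple.com and its subdomains.
TRUSTED_SUFFIXES = ("apple.com",)

# Constructed sample mail body; 192.0.2.10 is a documentation address, not a real host.
SAMPLE_EMAIL = """
<p>Dear customer, your Billing Information records are out of date.</p>
<p>Please go to <a href="http://192.0.2.10/apple/signin">http://store.apple.com</a>
to confirm your Billing Information records.</p>
<p>Shape of a legitimate mail: <a href="https://id.apple.com/verify">Verify your Apple ID</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so multi-line anchor text compares cleanly.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def host_in_text(text):
    """If the visible link text itself names a URL or domain, return that host."""
    t = text.strip().rstrip(".,;:")
    if not t or " " in t or "." not in t:
        return ""
    return host_of(t if "://" in t else "//" + t)


def is_ip_literal(host):
    """True when the host is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def check_link(href, text):
    """Reasons a link looks like a phish; an empty list means nothing was flagged."""
    reasons = []
    host = host_of(href)
    if urlsplit(href).scheme != "https":
        reasons.append("not https")
    if is_ip_literal(host):
        reasons.append("bare IP address")
    shown = host_in_text(text)
    if shown and shown != host:
        reasons.append(f"text says {shown} but link goes to {host}")
    if not trusted(host):
        reasons.append(f"host {host!r} not in allow-list")
    return reasons


def scan_email(html):
    """Return (href, text, reasons) for each link in an HTML mail body."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return [(href, text, check_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print("SUSPICIOUS" if reasons else "ok", repr(text), "->", href, reasons)
```

The text-versus-href comparison is the check that matters most: a link whose visible text is a URL on one host but whose target is another host is exactly what hovering reveals, and it stays detectable even if a scammer later moves from a bare IP to a registered domain.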
post #16 of 21
Quote:
Originally Posted by patrickwalker View Post

This isn't just targeting the "feeble", it's targeting the people who have a knee-jerk reaction to click through anything that "Apple" sends them.

Mind you, all my online purchasing is through gift cards so that is my suggestion if you really want to be safe. Granted, it limits you to less than $100 but if they get your CC number, who cares? The most they can scam from you is the balance on that card...

I'd better not use my Black Amex again online then.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
Reply
post #17 of 21
Quote:
Originally Posted by Marvin View Post

The only problem with that is, Apple actually sends emails like this out from appleid@id.apple.com and they look very similar to this whenever you make certain changes to your account:

https://discussions.apple.com/thread...art=0&tstart=0
http://forums.macrumors.com/showthread.php?t=1254176

They actually request that you click on the verify link and enter your login and password, which is a bit irresponsible of them. You can tell the difference between the two emails as the wording is different with proper spelling and grammar in the legit one and they put your full name and email address into the email.

The redirect link for Apple goes to https://id.apple.com whereas the scam one goes to http://x.x.x.x - an unencrypted site with just an IP address:

http://venturebeat.com/2011/12/27/apple-phishing-scam/

Apple should not require a login for a verification link. No other online retailer I know of does this. Once you enter your login and password on a secure site and enter your details, they simply send out a verification link that doesn't require a login as they already assume you've typed it in correctly. In a way, Apple is being more secure as you might use a business email such as john.appleseed@apple.com and if your email is actually johnny.appleseed@apple.com then your verification email will go elsewhere meaning that this other person can reset your account password and bill your account.

The chances of someone having that problem are probably less likely than being taken in by a phishing scam so I'd say it's not a good method to verify an account is linked to a particular email address. They could even just send out a code that you have to enter into iTunes or their online profile to link the two up.

How would this 'other person' reset the password by simply receiving the email? You always have to know the original password to reset it to a new one, in my experience.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
Reply
post #18 of 21
Quote:
Originally Posted by digitalclips View Post

How would this 'other person' reset the password by simply receiving the email? You always have to know the original password to reset it to a new one, in my experience.

Forgotten password links allow you to reset them:

https://iforgot.apple.com

They do ask for account info like security questions but if it was a company email, a co-worker might know that info. Like I say though, that's an unlikely series of events and why Apple should simply use standard verification links that don't require a login.
post #19 of 21
Quote:
Originally Posted by digitalclips View Post

...

I also question whether ICANN should allow the registration of domains that are more than likely aimed at misleading. It wouldn't take a brain surgeon to spot something that is likely to fall into that category.

Actually ICANN is pretty useless in a lot of respects. Expired domain names are sold off by the thousands to outfits whose sole purpose is to cash in on people/companies who later wish to register the same name for legitimate purposes.
post #20 of 21
I wonder why scammers are trying so hard to target Apple users? Hmmmm... I wonder if maybe it's because they are growing in number?

Granted, none of these attacks are actual viruses, and the Mac platform will never see anything remotely close to the level of filth that Windows users have to deal with every day, but still one has to admit...
post #21 of 21
Quote:
Originally Posted by ericblr View Post

I wonder why scammers are trying so hard to target Apple users? Hmmmm... I wonder if maybe it's because they are growing in number?

Granted, none of these attacks are actual viruses, and the Mac platform will never see anything remotely close to the level of filth that Windows users have to deal with every day, but still one has to admit...

1) This scam goes after anyone that uses email and uses Apple's online store. Since iTunes is on Windows this would include Windows. There is no targeting of Macs here.

2) Macs had more viruses before Mac OS X, when they had worse market share and considerably fewer sales per quarter. There is no security through obscurity when you maintain the dominant mindshare by which all others are measured.

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply