New scam digs for billing information from Apple customers

Posted in General Discussion, edited January 2014
Security firms have issued warnings regarding a new "well-crafted" phishing scam that attempts to fool customers into providing their AppleID billing information.

Intego posted an alert on the scam earlier this week, noting that the first emails appeared to have gone out on or around Christmas day. The phishing email purports to come from "[email protected]" and informs recipients that their billing information records are "out of date."

Customers are directed to click on a link to http://store.apple.com, but they are instead redirected to a "realistic-looking sign-in page," according to the security firm's report.

Though phishing scams targeting Apple customers are by no means new, this particular scam has attracted attention because it is unusually detailed in its efforts to deceive. The email makes use of the Apple logo and shading and employs better formatting than similar frauds in the past.

As a precautionary measure, users should remember not to click directly on links from email messages and instead navigate to the website in question on their own.

Phishing email seeking AppleID billing information. Credit: Intego.

In August, scammers set out to trick Apple's MobileMe subscribers into upgrading to the then-forthcoming iCloud service. Around the Thanksgiving holiday, another scam cropped up falsely advertising an iTunes gift certificate that was actually malware meant to pilfer passwords and other personal information.

Mac users were also the target of an elaborate hoax involving fake anti-virus software, usually dubbed MacDefender, earlier this year. The application would automatically download itself onto users' computers in an attempt to obtain their credit card information. Russian police later found evidence tying the scam to online payment service Chronopay.

Comments

  • Reply 1 of 20
    Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.
  • Reply 2 of 20
    Quote:
    Originally Posted by Dickprinter
    Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.

    These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

    Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.
  • Reply 3 of 20
    Looks like the scammers are being more careful about spelling and grammar, though there are still a few mistakes.

    Some of the phish emails I've received have such horrible writing that you wonder if it was written using Google Translate from Chinese. I bet the scammers would do a lot better if they hired native English speakers to write their emails.

    And how come there are so few native-English-speaking scammers anyway? The US, Canada, UK, Australia, etc. have their fair share of criminals after all!
  • Reply 4 of 20
    Quote:
    Originally Posted by zorinlynx
    The US, Canada, UK, Australia, etc. have their fair share of criminals after all!

    We have more than our fair share, thank you, but they all run banks.
  • Reply 5 of 20
    My first thought: "Pffst... who would be dumb enough to fall for this?"

    Second thought: "Crap! My elderly parents and their parents have Apple accounts, and they believe Nigeria has a couple thousand deposed princes. Doh!"

    EDIT: Is it a coincidence that my post was preceded by a spammer who is advertising cheap wedding dresses?

    EDIT 2: Cool, they 86'd it.
  • Reply 6 of 20
    Quote:
    Originally Posted by SolipsismX
    These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

    Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.

    Good point, good simile and good habit. I do the same, also.
  • Reply 7 of 20
    Quote:
    Originally Posted by Dickprinter
    Anyone with half a brain, if they read the words, would pick up on the poorly worded grammar and mid-sentence capitalization. Most people should know that you don't need billing information to have an account, either.

    Actually you do. Sort of. It depends on what account you are referring to.

    If it's for iCloud then no. But if you want to download even just the free stuff with no credit card etc. on file you still have to give your billing address.

    But both can use the same Apple ID, thus you might get this email.

    Fortunately most folks will not fall for this scheme either because they realize that it could be fake or because they will be pissed at Apple for threatening to cancel their account "after you told me to sign up for that iCloud business when I got my iPhone last month and now you are just going to cancel my account and delete my contacts and the rest of it because I didn't give you a credit card" and find out that Apple didn't send that email.
  • Reply 8 of 20
    x38 (Posts: 97, member)
    Online scammers, virus writers, spammers, etc. should be subject to the death penalty. A few visible instances of these vermin suffering the harshest possible punishment would make the rest of them think a little harder before doing the same.
  • Reply 9 of 20
    Use of "..." is not something Apple would do, not formal enough.

    "Billing Information" in the middle of a sentence? Wrong.

    "Thanks," = no thanks.

    "Dear customer," If I remember correctly, if it's an email, they usually include your first name?
  • Reply 10 of 20
    While you all are making good points about the weaknesses in the email, they would have to be a great deal worse before they really mattered. If a person doesn't know what a phishing attack is then the occasional grammar mistake isn't going to be all that alarming, IMO.
  • Reply 11 of 20
    I've been getting these for months; the last one was 30 Nov. That was "from" [email protected]. The text was slightly different:

    Quote:
    Dear Member,

    It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

    Please update your records within 24 hours. Once you have updated your account records, your account session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

    Click on the reference link below and enter your login information on the following page to confirm your Billing Information records...

    please go to http://store.apple.com to confirm your Billing Information records.

    Thanks,

    Apple Customer Support
  • Reply 12 of 20
    Marvin (Posts: 15,309, moderator)
    Quote:
    Originally Posted by AppleInsider
    As a precautionary measure, users should remember not to click directly on links from email messages and instead navigate to the website in question on their own.

    The only problem with that is, Apple actually sends emails like this out from [email protected] and they look very similar to this whenever you make certain changes to your account:

    https://discussions.apple.com/thread...art=0&tstart=0

    http://forums.macrumors.com/showthread.php?t=1254176

    They actually request that you click on the verify link and enter your login and password, which is a bit irresponsible of them. You can tell the difference between the two emails as the wording is different with proper spelling and grammar in the legit one and they put your full name and email address into the email.

    The redirect link for Apple goes to https://id.apple.com whereas the scam one goes to http://x.x.x.x - an unencrypted site with just an IP address:

    http://venturebeat.com/2011/12/27/apple-phishing-scam/

    Apple should not require a login for a verification link. No other online retailer I know of does this. Once you enter your login and password on a secure site and enter your details, they simply send out a verification link that doesn't require a login as they already assume you've typed it in correctly. In a way, Apple is being more secure as you might use a business email such as [email protected] and if your email is actually [email protected] then your verification email will go elsewhere meaning that this other person can reset your account password and bill your account.

    The chances of someone having that problem are probably less likely than being taken in by a phishing scam so I'd say it's not a good method to verify an account is linked to a particular email address. They could even just send out a code that you have to enter into iTunes or their online profile to link the two up.
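The link checks Marvin lays out above (target is a bare IP address, no TLS, and the visible text names store.apple.com while the href goes elsewhere, which is what the hover check reveals) as an added Python example; this is not code from the thread, and the trusted-domain list, the helper names and the sample email HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Apple link should land on (assumption; the thread names id.apple.com and store.apple.com)
TRUSTED_SUFFIXES = ("apple.com",)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HOST_IN_TEXT_RE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})")

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_link(href, text):
    """Return the reasons a link matches the phishing pattern discussed in the thread."""
    parsed, reasons = urlparse(href), []
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        reasons.append("not https")
    if IPV4_RE.match(host):
        reasons.append("bare IP address as host")
    if not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
        reasons.append("host outside apple.com")
    # The hover check: link text that looks like a URL but names a different host than the target
    shown = HOST_IN_TEXT_RE.match(text.lower())
    if shown and shown.group(1) != host:
        reasons.append("link text %s does not match target %s" % (shown.group(1), host))
    return reasons

def audit_email(html):
    """Map each href in the email to its list of red flags (an empty list means nothing was flagged)."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return {href: audit_link(href, text) for href, text in extractor.links}

# Constructed sample modelled on the quoted message; 203.0.113.5 is a documentation-range address
SAMPLE = ('<p>please go to <a href="http://203.0.113.5/apple/login">http://store.apple.com</a>'
          ' to confirm your Billing Information records.</p>'
          '<p><a href="https://id.apple.com/">https://id.apple.com</a></p>')
```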
  • Reply 13 of 20
    This isn't just targeting the "feeble", it's targeting the people who have a knee-jerk reaction to click through anything that "Apple" sends them.

    Mind you, all my online purchasing is through gift cards so that is my suggestion if you really want to be safe. Granted, it limits you to less than $100 but if they get your CC number, who cares? The most they can scam from you is the balance on that card...
  • Reply 14 of 20
    MacPro (Posts: 19,718, member)
    Quote:
    Originally Posted by SolipsismX
    These scammers are like lions in the Serengeti. It's the old and feeble gazelles they are after.

    Personally I don't even click on email links from businesses when I'm certain they are legit. I always access from a bookmark in my browser just to be sure and make sure I maintain that habit.

    Many Mac users don't know they can hover over a link and check what it is ... I am forever warning folks I know to do this. Now I am resending them all a warning to do this. I know Apple cannot do anything about other companies' links but I wonder if they could build in an OS level check for their own financially secure links to literally ferret out a link claiming to be one of theirs being switched as a hidden link like this and kill them.

    I also question whether ICANN should allow the registration of domains that are more than likely aimed at misleading. It wouldn't take a brain surgeon to spot something that is likely to fall into that category.
  • Reply 15 of 20
    MacPro (Posts: 19,718, member)
    Quote:
    Originally Posted by patrickwalker
    This isn't just targeting the "feeble", it's targeting the people who have a knee-jerk reaction to click through anything that "Apple" sends them.

    Mind you, all my online purchasing is through gift cards so that is my suggestion if you really want to be safe. Granted, it limits you to less than $100 but if they get your CC number, who cares? The most they can scam from you is the balance on that card...

    I better not use my Black Amex again online then.
  • Reply 16 of 20
    MacPro (Posts: 19,718, member)
    Quote:
    Originally Posted by Marvin
    The only problem with that is, Apple actually sends emails like this out from [email protected] and they look very similar to this whenever you make certain changes to your account:

    https://discussions.apple.com/thread...art=0&tstart=0

    http://forums.macrumors.com/showthread.php?t=1254176

    They actually request that you click on the verify link and enter your login and password, which is a bit irresponsible of them. You can tell the difference between the two emails as the wording is different with proper spelling and grammar in the legit one and they put your full name and email address into the email.

    The redirect link for Apple goes to https://id.apple.com whereas the scam one goes to http://x.x.x.x - an unencrypted site with just an IP address:

    http://venturebeat.com/2011/12/27/apple-phishing-scam/

    Apple should not require a login for a verification link. No other online retailer I know of does this. Once you enter your login and password on a secure site and enter your details, they simply send out a verification link that doesn't require a login as they already assume you've typed it in correctly. In a way, Apple is being more secure as you might use a business email such as [email protected] and if your email is actually [email protected] then your verification email will go elsewhere meaning that this other person can reset your account password and bill your account.

    The chances of someone having that problem are probably less likely than being taken in by a phishing scam so I'd say it's not a good method to verify an account is linked to a particular email address. They could even just send out a code that you have to enter into iTunes or their online profile to link the two up.

    How would this 'other person' reset the password by simply receiving the email? You always have to know the original password to reset it to a new one in my experience.
  • Reply 17 of 20
    Marvin (Posts: 15,309, moderator)
    Quote:
    Originally Posted by digitalclips
    How would this 'other person' reset the password by simply receiving the email? You always have to know the original password to reset it to a new one in my experience.

    Forgotten password links allow you to reset them:

    https://iforgot.apple.com

    They do ask for account info like security questions but if it was a company email, a co-worker might know that info. Like I say though, that's an unlikely series of events and why Apple should simply use standard verification links that don't require a login.
  • Reply 18 of 20
    Quote:
    Originally Posted by digitalclips
    ...

    I also question whether ICANN should allow the registration of domains that are more than likely aimed at misleading. It wouldn't take a brain surgeon to spot something that is likely to fall into that category.

    Actually ICANN is pretty useless in a lot of respects. Expired domain names are sold off by the thousands to outfits whose sole purpose is to cash in on people/companies who later wish to register the same name for legitimate purposes.
  • Reply 19 of 20
    I wonder why scammers are trying so hard to target Apple users? Hmmmm... I wonder if maybe it's because they are growing in number?

    Granted none of these attacks are actual viruses and that the Mac platform will never see anything remotely close to the level of filth that Windows users have to deal with every day, but still one has to admit...
  • Reply 20 of 20
    solipsismx (Posts: 19,566, member)
    Quote:
    Originally Posted by ericblr
    I wonder why scammers are trying so hard to target Apple users? Hmmmm... I wonder if maybe it's because they are growing in number?

    Granted none of these attacks are actual viruses and that the Mac platform will never see anything remotely close to the level of filth that Windows users have to deal with every day, but still one has to admit...

    1) This scam goes after anyone that uses email and uses Apple's online store. Since iTunes is on Windows this would include Windows. There is no targeting of Macs here.

    2) Macs had more viruses before Mac OS X when they had worse market share and considerably less sales per quarter. There is no security through obscurity when you maintain the dominant mindshare by which all others are measured.