Apple Security Alert: Christmas Phishing Scheme

December 27, 2011, By George Lang

A fraudulent Santa is apparently delivering some belated, coal-like email stuffers to Apple product owners, regardless if they were good or bad this year. The unwanted phishing scheme comes in electronic mail form. The security risk is a serious one for Apple product owners and is designed to obtain personal data by asking Apple customers to update their billing information.

Apple product owners began receiving these emails on Christmas day, according to Apple security blogger Intego. Quoted from yesterday’s Mac Security Blog, the email message reads as follows:

The subject line of the email reads, “Apple update your Billing  Information.” (MSNBC) If you receive one of these emails, the recommended action is to delete it. Here is an excerpt from the Mac Security Blog describing why:

If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you’ll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple’s own web pages.

So how do you know that this is a phishing e-mail? The first rule of thumb is to move your cursor over the link in the message and wait for a tooltip to pop up:

As you can see above, the URL that displays is not an apple.com address, but rather a numerical address (we’ve blurred the first part of the address). At the end of the address is a page called apple.htm, which could fool people, but that’s not what’s important. Always look at the part right after the http:// in the URL: if it’s not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it’s bogus.

We hope you’ll be careful if you’re new to Macs and Apple products. We work hard to keep Mac and Apple users safe from the many dangers of the Internet. (Mac Security Blog)

One thing that always cautions us here at DeviceMAG is that at the end of this last quoted sentence of the blog, there is an ad link trying to sell anti-malware software. Nonetheless, there are many others who are reporting this phishing scheme, so we will side with them on its importance.

That phishing artists are targeting Apple users at this time of the year is no mere coincidence. With Apple products such as iPad, iPhone, iPod Touch, and Apple computers on many Christmas wish lists, the scammers stand to harvest a large bounty of personal information from naive users setting up their new accounts with Apple; and all they have to do is get a nasty Santa to deliver a few million less-than-savory emails to their inboxes!

© 2008-2012 DeviceMag.com - All rights reserved | Privacy Policy