The Mac Security Blog warns of a new phishing scam in circulation that tries to trick users into updating their Apple ID billing information, in hopes of stealing it for nefarious purposes.

A vast phishing attack has broken out, beginning on or around Christmas day, with e-mails being sent with the subject “Apple update your Billing Information.” These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from “appleid@id.apple.com.”

The email looks pretty legitimate, but upon hovering over the link you'll notice it points to an obviously fake Apple website asking you to enter your Apple ID credentials, and it's all downhill from there.

As always, never click on links in an email -- type them in yourself in a browser. When you get phishing emails, mark as spam and wash your hands of the worry. Done and done.

Source: The Mac Security Blog via CNET

A new phishing email scam is arriving in email inboxes targeted at Apple MobileMe users. The email is supposed to be from Apple and is asking users to upgrade their MobileMe accounts to iCloud. The email has been based on an earlier email that Apple sent to MobileMe users after the WWDC iCloud introduction.

Please sign up for iCloud and click the submit botton, you'll be able to keep your old email address and move your mail, contacts, calendars, and bookmarks to the new service. Your subscription will be automatically extended through July 31, 2012, at no additional charge. After that date, MobileMe will no longer be available. Click here to update iCLOUD

This phishing email is one of many currently doing the rounds, it is not that well done to be fair but it is worth mentioning as it appears to be a widespread problem. Stay well clear!

[MacRumors]

Apple has responded to that bizarre incident over the weekend involving a glut of Vietnamese, copyright-infringing book apps rocking to best-seller status on the backs of hacked iTunes accounts.

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.

Developers do not receive any iTunes confidential customer data when an app is downloaded.

If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.

Good advice for this incident, great advice in general. Also remember to never, not ever, click a link in an email and log into an account. That's how social engineering attacks like Phishing scams work. Use a strong password (long, with numbers and symbols), keep it unique, and change it once and a while. Treat it as securely as you treat your credit card and cash -- because that's what it is.

UPDATE: According to Clayton Morris who followed up with Apple, about 400 users were impacted. iTunes's servers were not hacked. In response Apple will be increasing the frequency they require you to enter your credit card verification number going forward.

[Engadget, Clayton Morris]

Apple has gotten some much-deserved heat in the past for not adapting anti-phishing measures into their Safari browser. Phishing is when "bad guys" make look-alike websites and try to trick users into entering personal data like passwords or credit cards numbers, so they can be used to break into user accounts or make fraudulent purchases. We've had some warnings about MobileMe phishing attacks in the past for example.

Safari 4 Beta on the desktop finally took steps to address this, and it looks like Apple is rolling the anti-phishing alerts out to Mobile Safari as well! As more and more people start using mobile browsers for banking, email, and other security-sensitive tasks, Apple can't be too careful.

Also of note in the screen shot above is auto-fill. We're guessing this works like the desktop, automatically entering common data in text fields like name, email address, etc. (Of course, the convenience comes at the expense of the very security mentioned above -- balance your usage accordingly!)

Stealing credit card information is big business so perhaps it should come as no surprise that we're seeing so many phishing attacks targeted at even niche services like MobileMe. We've reported on a bunch of them already, and this latest one is just more of the same.

If you get an email warning you about the status of your account, asking you to verify billing info, or basically asking you anything at all, NEVER click on the link. Always launch your web browser and type in the main URL by hand (i.e. don't click on the email's "Login" button, go to Firefox or Safari and type in "http://www.me.com/"). (And yes, DNS can be cache poisoned and localhosts can be over-written, but depending how valuable a target you are and how much time you want to invest in proofing yourself, manually entering URLs is a good compromise between convenience and security.

Apple Insider has all the details for those who want them. Surf safe!

Well it seems like these scam artists will just not go away! Here at TiPb we like to keep you, our loyal readers, safe by alerting you of every scam out there. A while back we reported two other phishing scams aimed at MobileMe customers, and told you Apple was even posting warnings about them.

Just like those phishing scams, these latest scammers are looking to obtain your credit card information. According to UGN Infomanager:

Yesterday, and over night a wave of phishing attacks hit the servers targeting Apple Mobile Me users, and others who might not know the specifics of the phish. There were several, all from different "senders" but leading to the same address. READ THIS ALERT.

DO NOT CLICK ON ANY LINK IN THIS PHISHING ATTEMPT. Not only could it extract information from your computer, the site, or clickthrough pages could contain malware or spyware intended specifically for Mac users. If you can avoid opening it, you will avoid pinging the botnet of a live address.

In addition to all of that, MacNN is reporting that "the originating server DNS addresses have been masked by Joker.com, a site suspected of sympathizing with online criminals". Really nice isn't it? Be careful out there people!

(Via MacNN)

Not long ago we brought to your attention a phishing scam that was going around to some MobileMe customers, we then reported that Apple addressed the scam in their MobileMe blog. Well Apple Insider is now reporting that round 2 is just begining.

In this latest scam, an email is going around that says there are some issues with the users subscription renewal information. It then goes on to direct them to a link to update their credit card information. You can see the exact email that MobileMe customers are receiving below. Notice there is not a single MobileMe logo?

Here are some great tips from Rene:

REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Head on over to Apple Insider for the full story with detailed pictures.

Remember that phishing scam that targeted MobileMe users a while back? The one that may have nabbed hundreds of account holders' information? Well Apple must, because the latest in their series of MobileMe Updates addresses the issue head on:

You will never receive a message from MobileMe asking you to send personal information over email. If we are ever unable to charge your credit card, for instance, we will send you a reminder email, but will not directly link to any web pages. The safest way to respond and update any necessary information is to type www.me.com into your browser and log in to your account directly. That way you can be confident you are at me.com and your personal information is secure.

Apple further provides a support document on how to better determine the actual destination hidden behind a link, and an email address -- reportphishing@apple.com -- where users can forward any questionable content for investigation by Apple legal and law enforcement.

Together, MobileMe users can help take a byte out of Apple-targeted crime!

Remember that warning we posted on Tuesday about a MobileMe phishing attack in the wild? Turns out it's been terrifyingly effective so far. Ars Technica quotes CardCops president Dan Celements:

"We found 20 different files parked on the server, each file with two or three or four, up to 20, profiles. Cumulatively, there were about 300 profiles collected in that one day. And 100 to 200 were mac.com addresses."

NOT GOOD. Ars goes on to rightly point out that Apple customers are typically higher-income, and thus more desirable targets. We'd also add that Apple users are not as accustomed to malware and phishing as our Windows-using friends, but as email and web browsing doesn't care about platform, we REALLY need to be. Just like you wouldn't open a package left at your door that smelled like gasoline and was ticking, even if it came in a Tiffany's box, don't open links or give out credit card information just because it fakes coming from Apple.

REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Phishing attacks, where a bad guy tries to fool you into giving them personal information such as financial account logins, are nothing new on the 'net. Fake emails leading you to a fake bank site to enter your information so that they (increasingly organized crime, often in Russia or China) can log into your real site and transfer out all your money, then steal your identity and sell it off to second and third tier hackers for other nefarious uses.

This specific attack pretends to come from Apple regarding a MobileMe billing problem, and asks the user to click a link to update their credit card information (which will be promptly stolen). What makes this recent attack particularly dangerous is that MobileMe HAS had billing problems in the recent past, and what with all the other problems associated with the launch, users may be unfortunately prone to believe the phishing attack.

REMEMBER: Don't EVER believe email requests for secure data. Go to the site yourself (not through their link -- type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn't the same as Apple.com, they're just hoping you don't notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Yes, the bad guys are bombing the internet back to the stone age. It's not a safe browsing world. Be careful and protect your data with the same care you protect real-world valuables.

(via Ars Technica)