"Checking for water damage is pretty simple and something everyone should do before forking over your hard earned cash for a second-hand iPhone 4."

If you're trying to save some money and are in the market to purchase a used iPhone 4 from either Craigslist, eBay, or some other local or online seller, one of the first things you'll want to do is check for any signs of water damage. I see several people in my office each week that purchased used iPhones that mysteriously quit working after a few days. As much as we'd like to believe there aren't people out there who would sell us broken or water damaged devices, it happens every day.

While online-only iPhone purchases are convenient, I highly recommend meeting up with someone locally, for example, someone off of Craiglist, before turning to eBay or any other online broker. This allows you inspect the iPhone device before you actually commit to purchasing it, and gives you a chance test it out and check for water damage yourself.

If you can't meet someone locally and need to buy online, request that the seller inspect for water damage and send you images that allow you to see that the water sensors are still intact and that the internals have not suffered any damage or corrosion.

Apple has placed 4 sensors inside the iPhone 4 that make it pretty easy to tell if any part of the device has come in contact with liquid. These sensors are placed exactly the same in the GSM iPhone 4 and CDMA iPhone 4. You want to make sure the sensors are white as opposed to red. If you see a sensor that has turned red, that's a sign it's come into contact with liquid or heavy humidity.

How to check external iPhone water sensors

The easiest thing to check are the two sensors you can see without removing the back of the iPhone 4. I recommend bringing a small pocket or keychain flashlight with you in order to get a good look at the sensors.

Headphone jack sensor

The easiest sensor to check in an iPhone 4 for water damage is the one at the bottom of the headphone jack

Your first sensor is located inside the headphone jack at the bottom. It's the easiest sensor to find and inspect. Shine a flashlight into it and make sure you don't see anything but white. (Red is bad.)

As a side note, this sensor can come out or become dislodged occasionally. If you don't see one, just move on and check the next sensor. I wouldn't take it as a sign that the seller is trying to be dishonest (yet).

Dock connector sensor

The white part I've emphasized in the image is where you'll want to look for the water sensor in the dock connector

The next sensor is a square sensor in the dock connector. To see it, hold the phone screen down in your hand and look inside the dock connector towards the middle. On the upper side you will see a tiny white square (or red square if the device has come into contact with liquid). Make sure this one is white.

If both sensors are white, it may not be necessary to proceed any further. The device most likely has never been subjected to water damage. If the headphone jack sensor was missing or you couldn't find one of the sensors, you may want to continue to the next section.

How to checking internal iPhone water sensors

It may seem silly to bring a screwdriver with you to check out an iPhone but it'll seem a lot less silly when it saves the lost money and headache you'd get for buying a water damaged iPhone 4.

There are two sensors on the inside of the iPhone 4 that are easily visible once the back is removed. You can pick up a security screw driver online and a #00 Phillips screwdriver from your local hardware store for a few bucks. You'll need one of the two in order to remove the back.

If you're buying a CDMA iPhone 4 off of someone, you'll most certainly need the security screwdriver. Older GSM models still have standard #00 screws while newer ones have security screws. Remove the 2 screws holding the back plate on and gently push the back up and pull it off. This will give you a clear view of the last 2 sensors and a lot of the internals of the device.

While you're checking the last 2 sensors it's always a good idea to look closely at the internals and make sure everything looks ok. You'll want to avoid any devices that show signs of the following:

• Obvious corrosion
• Torn cables
• Missing screws
• The battery tab is torn off
• A large amount of debris or dust inside the device

If all those seem good, you'll just need to make sure the water sensors check out okay.

Battery sensor

Check the sensor directly above the battery to make sure it hasn't turned red

The first sensor is placed directly over the clip that holds the battery down. Again, just make sure it's white and move on the to next and final sensor. If it isn't white but all the rest are, I'd probably still advise against buying the device as the battery or other internal parts could have come into contact with liquid at some point.

Logic board sensor

Never purchase a used iPhone 4 if the sensor over the screw holding down the logic board has turned red

The final sensor is located on a screw holding the logic board in place. If this sensor is white, you're in the clear. If it's not, you'll definitely want to stay away from purchasing the device. This sensor is the closest one to the logic board. If it's red, odds are the logic board has liquid damage and will eventually go out.

Wrap up

Checking for water damage is pretty simple and something everyone should do before forking over your hard earned cash for a second-hand iPhone 4. I would personally consider buying an iPhone 4 if only the headphone jack or dock connector sensor was triggered. If the rest of the device is in perfect condition and the inside has no sensors triggered, I'd say you're okay. A lot of things including living in a humid climate can cause external sensors to be triggered. Apple will actually honor a warranty swap if only one external sensor is triggered due to these factors.

Just make sure if one external sensor is triggered or missing that you check the inside ones. As long as those are okay, the decision really lies with how comfortable you feel and how honest you think the seller is. If they seem irritated or worried about you checking out the device, find another one.

Interested in other DIY, repair, and modding info? Check out the resources below or if you ever decide certain repairs are beyond your skill level, contact PXLFIX regarding mail-in repairs and pricing.

Additional resources

• How to choose quality iPhone 4 color kits
• All DIY, repair, and mod guides
• Mod and DIY repair forums

Scammers never miss an opportunity to scam, and while Twitter, forums, and email have long been subject to disgusting "test & keep new iPhone/iPad/whatever" spam, it looks like the iPhone 5 version has taken to SMS. That's right, not only are they content to waste your time and attention, they're now also wasting your text message totals.

A couple of our Twitter followers received identical scam spam today:

Apple is looking for iPhone 5 testers! The first 1000 users that go to [scam web address] and enter [scam code] will get to test & keep a new iPhone 5.

Needless to say, no they won't. If you get the text message, let us know in the comments, report it to your carrier, and by no means do anything it requests.

Source: @AKMolin, @MDSaunders

Is 2GB really all it takes now to be considered a "top 5" iPhone data user by AT&T and have your data throttled down?

AT&T now seems to be throttling iPhone users on grandfathered, unlimited data plans when they hit a paltry 2GB of data usage. We all know AT&T has been threatening to throttle iPhone users on unlimited data plans for quite some time now. AT&T announced data throttling last August and started implementing it last October. Since then we've heard from some of our readers that they were getting throttled down to 2G EDGE speeds. And it seems to be getting even more egregious.

As a rational person -- and long time customer -- I had a hard time believing it. I've been using anywhere from 4 to 8 gigabytes a month since October and never received any warning from AT&T. In fact, I told everyone in our AT&T forums that I had not yet received the infamous text message from AT&T, accusing me of being a "top 5%" data users.

Until yesterday.

Smartphone customers with unlimited data plans may experience reduced speeds once their usage in a billing cycle reaches the level that puts them among the top 5 percent of heaviest data users. These customers can still use unlimited data and their speeds will be restored with the start of the next billing cycle. We're writing because you are in the top 5 percent of heaviest data users for this billing cycle.

It came in just as I approached 2GB. That's what apparently qualifies as a "top 5%" here in Chicago. 2GB. Two days before the end of my billing cycle.

I immediately called AT&T and asked them -- 3 of them over the course of several hours -- two simple questions: Why, all of a sudden, after previous months of heavy use, did I receive this message and why, when I am paying for "unlimited" data am I being crippled just at two gigabytes?

They had no answers for me.

So I began to think about it some more and realized the previous few months I was using my unlocked Galaxy Nexus. Did that have anything to do with flying under the radar? Or did I simply switch back to my iPhone 4S around the time AT&T decided to take these new, overly aggressive tactics?

Or is there simply no consistency or rationality with how AT&T is going about their data throttling? Do some people, depending on the area and month, get away with 5 to 6 gigabytes with no issues while some are getting nailed at 2 gigabytes? Is 2 gigabytes the new magic number based on all of the complaints in our forums and responses that I received on Twitter?

Whatever the case may be, it sure seems like AT&T is putting the screws to unlimited iPhone data users, trying to push us into giving up our grandfathered plans and pressure us into taking one of their new, limited, tiered plans instead.

And that sucks, plain and simple.

AT&T offered a service, we signed up for it, we paid them for it, and now they're reneging on the spirit if not the letter of that service. They're breaking faith with their customers.

Maybe they don't want our particular type of user any more, maybe they'd rather we go somewhere else, but if they're willing to do this to one group of users, they'd do it to any group of users, at any time. And that's a terrible way to run a business.

Unlimited data plans were sold to iPhone users from day one. AT&T needs to stand by them. If they want us to switch to tiered plans, make those plans better. Offer free tethering, or make 4G LTE exclusive to those plans and wait for the iPhone 5 to drive demand for it. Make them so attractive we can't wait to switch. Don't do it by making our existing plans worse.

But AT&T has unlimited data users right where they want us, and they seem to be pulling out all of the stops to get rid of us.

Have you gotten throttled for using 2 gigabytes yet? Did it get you to switch to the new, tiered plans? And how does it make you feel about being an AT&T customer?

The Mac Security Blog warns of a new phishing scam in circulation that tries to trick users into updating their Apple ID billing information, in hopes of stealing it for nefarious purposes.

A vast phishing attack has broken out, beginning on or around Christmas day, with e-mails being sent with the subject “Apple update your Billing Information.” These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from “appleid@id.apple.com.”

The email looks pretty legitimate, but upon hovering over the link you'll notice it points to an obviously fake Apple website asking you to enter your Apple ID credentials, and it's all downhill from there.

As always, never click on links in an email -- type them in yourself in a browser. When you get phishing emails, mark as spam and wash your hands of the worry. Done and done.

Source: The Mac Security Blog via CNET

A new phishing email scam is arriving in email inboxes targeted at Apple MobileMe users. The email is supposed to be from Apple and is asking users to upgrade their MobileMe accounts to iCloud. The email has been based on an earlier email that Apple sent to MobileMe users after the WWDC iCloud introduction.

Please sign up for iCloud and click the submit botton, you'll be able to keep your old email address and move your mail, contacts, calendars, and bookmarks to the new service. Your subscription will be automatically extended through July 31, 2012, at no additional charge. After that date, MobileMe will no longer be available. Click here to update iCLOUD

This phishing email is one of many currently doing the rounds, it is not that well done to be fair but it is worth mentioning as it appears to be a widespread problem. Stay well clear!

[MacRumors]

There seems to be a fake jailbreak tool circulating at the moment that is being called "greenpois0n" that is claiming to be using the SHAtter exploit. Now this would all be fine and dandy except for the simple fact that the SHAtter jailbreak exploit has yet to be released by the Chronic Development Team. According to security researcher Costin Raiu at the Kapersey Labs, all that greenpois0n is doing is stealing users passwords.

We've seen scams similar to this before and we will more than likely see them again in the future so please remember if you see any website or program that claims to be capable of jailbreaking a iOS device running 4.0.2 or above, it is highly likely a scam or something much more damaging unless of course if it were to be released by Dev Team or Chronic Development Team themselves.

For more jailbreaking information be sure to visit our jailbreak and unlock forum.

[Ars Technica]

Yesterday reports were flying in that a "major security hole" in iTunes accounts linked to PayPal was being exploited. The problem turns out not to be a "major security hole" associated with iTunes accounts but rather a phishing scam that's actually pretty common. The scammers found a way to charge thousands of dollars to iTunes accounts through PayPal. One particular user who contacted TechCrunch reported 50 charges from PayPal of $99.99 each and luckily caught it in time before his bank distributed the funds to PayPal. Unfortunately, not everyone was able to catch the charges before funds were transferred but PayPal is reimbursing users for the fraud. An Apple spokesman did comment that the company is aware of the issue.

"Among other new security measures iTunes now requires more frequent re-entry of a customer's credit card security code," the spokesperson said. "But if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately."

So if you have not already done so, we highly recommend you check to make sure your account is safe and check out Rene's write up on how to minimize the chance of your iTunes account being hacked.

[TechCrunch]

Lately all has been quiet in regards to Apple's MobileMe service and shady activities. In the past we've told you about a few separate cases of phishing scams going around. Well today we've heard that Oscar nominated actress, Salma Hayek's account has been hacked.

Honestly, this is something that is really not that difficult to do, especially depending on how much information you have about a person. Sarah Palin's Yahoo! account was famously hacked last year using information from Wikipedia, as have several other celebrities.

In this particular case, all that was needed was Salma's birthday and the answer to her security question which just happened to be "What is my favorite character?". Just in case you were wondering what the answer was, it was "Frida" which was Hayek's most popular role in a movie. (And yes, I'm sure it is now something a bit tougher to figure out so don't bother trying.) In the end, that is all of the information that was needed to gain access to all of her emails, calendar information, etc...

Moral of this story, choose your security questions and answers wisely... And if you're well known, make up a fake set of answers, memorize them thoroughly, and don't tell anyone else.

[Via Macworld]

While in the old days, this would no doubt have come from Creep McShady in a trench coat around the corner of some noir-esque alley, now its online fraudsters who've gamed Apple's iTunes gift certificate generation algorithms, unable to sell directly due to fear of Apple tracing the accounts, who've found a new target for their schemes. Says Apple Insider:

Third party iPhone App Store developers have received propositions from a scammer offering to buy large volumes of their iPhone applications and then split the resulting revenue with them, apparently using fraudulent iTunes gift certificates to make the purchases.

Of course, the developers faces every bit as much chance for retaliation from Apple, perhaps more so because this could end their careers as iPhone developers.

Yeah. Not a good idea.

September was the last time we saw some malicious attacks on MobileMe subscribers. Well the scammers are at it again, trying to take advantage of Apple's MobileMe subscribers. A Gizmodo reader claims to have gotten the email shown above.

If you then click the fake "Login" button you will be directed to a website the scammers have set up -- to look like Apple's web site -- asking for your credit card information. It is safe to say, delete this email if you happen to find it in your inbox.

[Via Gizmodo]

Well it seems like these scam artists will just not go away! Here at TiPb we like to keep you, our loyal readers, safe by alerting you of every scam out there. A while back we reported two other phishing scams aimed at MobileMe customers, and told you Apple was even posting warnings about them.

Just like those phishing scams, these latest scammers are looking to obtain your credit card information. According to UGN Infomanager:

Yesterday, and over night a wave of phishing attacks hit the servers targeting Apple Mobile Me users, and others who might not know the specifics of the phish. There were several, all from different "senders" but leading to the same address. READ THIS ALERT.

DO NOT CLICK ON ANY LINK IN THIS PHISHING ATTEMPT. Not only could it extract information from your computer, the site, or clickthrough pages could contain malware or spyware intended specifically for Mac users. If you can avoid opening it, you will avoid pinging the botnet of a live address.

In addition to all of that, MacNN is reporting that "the originating server DNS addresses have been masked by Joker.com, a site suspected of sympathizing with online criminals". Really nice isn't it? Be careful out there people!

(Via MacNN)

Not long ago we brought to your attention a phishing scam that was going around to some MobileMe customers, we then reported that Apple addressed the scam in their MobileMe blog. Well Apple Insider is now reporting that round 2 is just begining.

In this latest scam, an email is going around that says there are some issues with the users subscription renewal information. It then goes on to direct them to a link to update their credit card information. You can see the exact email that MobileMe customers are receiving below. Notice there is not a single MobileMe logo?

Here are some great tips from Rene:

REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Head on over to Apple Insider for the full story with detailed pictures.

Remember that phishing scam that targeted MobileMe users a while back? The one that may have nabbed hundreds of account holders' information? Well Apple must, because the latest in their series of MobileMe Updates addresses the issue head on:

You will never receive a message from MobileMe asking you to send personal information over email. If we are ever unable to charge your credit card, for instance, we will send you a reminder email, but will not directly link to any web pages. The safest way to respond and update any necessary information is to type www.me.com into your browser and log in to your account directly. That way you can be confident you are at me.com and your personal information is secure.

Apple further provides a support document on how to better determine the actual destination hidden behind a link, and an email address -- reportphishing@apple.com -- where users can forward any questionable content for investigation by Apple legal and law enforcement.

Together, MobileMe users can help take a byte out of Apple-targeted crime!

Remember that warning we posted on Tuesday about a MobileMe phishing attack in the wild? Turns out it's been terrifyingly effective so far. Ars Technica quotes CardCops president Dan Celements:

"We found 20 different files parked on the server, each file with two or three or four, up to 20, profiles. Cumulatively, there were about 300 profiles collected in that one day. And 100 to 200 were mac.com addresses."

NOT GOOD. Ars goes on to rightly point out that Apple customers are typically higher-income, and thus more desirable targets. We'd also add that Apple users are not as accustomed to malware and phishing as our Windows-using friends, but as email and web browsing doesn't care about platform, we REALLY need to be. Just like you wouldn't open a package left at your door that smelled like gasoline and was ticking, even if it came in a Tiffany's box, don't open links or give out credit card information just because it fakes coming from Apple.

REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Phishing attacks, where a bad guy tries to fool you into giving them personal information such as financial account logins, are nothing new on the 'net. Fake emails leading you to a fake bank site to enter your information so that they (increasingly organized crime, often in Russia or China) can log into your real site and transfer out all your money, then steal your identity and sell it off to second and third tier hackers for other nefarious uses.

This specific attack pretends to come from Apple regarding a MobileMe billing problem, and asks the user to click a link to update their credit card information (which will be promptly stolen). What makes this recent attack particularly dangerous is that MobileMe HAS had billing problems in the recent past, and what with all the other problems associated with the launch, users may be unfortunately prone to believe the phishing attack.

REMEMBER: Don't EVER believe email requests for secure data. Go to the site yourself (not through their link -- type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn't the same as Apple.com, they're just hoping you don't notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.

Yes, the bad guys are bombing the internet back to the stone age. It's not a safe browsing world. Be careful and protect your data with the same care you protect real-world valuables.

(via Ars Technica)

Proving once again that nothing enables crooks more than the internet, Gizmodo is warning iPhone app-seekers to steer clear of scams:

If you Google "iPhone apps," the first thing that comes up is iPhoneApps.org, a site selling a bundle of "top 10" iPhone applications for $25 using "safe PayPal." Friends, there's nothing safe about this site. It's a scam. The iTunes App Store is the exclusive distributor of official iPhone apps, period. Don't get your apps anywhere else. Tell your friends and family. If you're savvy enough to use Installer.app, this PSA is not for you, obviously. [Thanks Blake!]

Remember, if something looks fishy, it probably is; seems too good to be true, is too good to be true; doesn't come from Apple's built-in-to-iPhone-and-iTunes App Store, is a big honking SCAM!