WARNING: MobileMe Phishing Scam in the Wild


Phishing attacks, where a bad guy tries to fool you into giving them personal information such as financial account logins, are nothing new on the 'net. Fake emails lead you to a fake bank site to enter your information so that they (increasingly organized crime, often in Russia or China) can log into your real site and transfer out all your money, then steal your identity and sell it off to second- and third-tier hackers for other nefarious uses.

This specific attack pretends to come from Apple regarding a MobileMe billing problem, and asks the user to click a link to update their credit card information (which will be promptly stolen). What makes this recent attack particularly dangerous is that MobileMe HAS had billing problems in the recent past, and what with all the other problems associated with the launch, users may be unfortunately prone to believe the phishing attack.

REMEMBER: Don't EVER believe email requests for secure data. Go to the site yourself (not through their link -- type it in), log in, and see if there really is a problem. Check domain names carefully. App1e.com isn't the same as Apple.com; they're just hoping you don't notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.
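The "check domain names carefully" step can be automated for links pulled out of a suspicious email. The following is an added example, not part of the original post: the trusted list, the substitution table, the function names and the sample URLs are all assumptions made for illustration, and the two-label domain extraction is a simplification that ignores public suffixes such as co.uk.

```python
from urllib.parse import urlsplit

TRUSTED = {"apple.com"}  # assumption: the sites the reader really uses

# Constructed, non-exhaustive table of digit-for-letter swaps.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def registered_domain(host):
    """Last two labels of the host (simplification: no public-suffix list)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def skeleton(name):
    """Fold look-alike characters so 'app1e.com' compares equal to 'apple.com'."""
    return name.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def classify_link(url):
    """Return a verdict for one link taken from an email."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # drops any misleading 'user@' prefix
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted" if parts.scheme == "https" else "trusted-domain-no-https"
    trusted_skeletons = {skeleton(t) for t in TRUSTED}
    # Registered domain only *looks* like a trusted one (App1e.com vs Apple.com).
    if skeleton(domain) in trusted_skeletons:
        return "lookalike"
    # Trusted name used as a decoy subdomain of someone else's domain.
    folded = "." + skeleton(host) + "."
    if any("." + t + "." in folded for t in trusted_skeletons):
        return "brand-in-subdomain"
    return "untrusted"

if __name__ == "__main__":
    # Constructed sample links; example/203.0.113.5 are reserved test values.
    for link in [
        "https://www.apple.com/account",
        "http://www.apple.com/account",
        "http://www.app1e.com/billing",
        "https://apple.com.billing-update.example/login",
        "https://apple.com@203.0.113.5/update",
    ]:
        print(f"{classify_link(link):24} {link}")
```

Anything other than "trusted" means the link should not be followed; type the address in by hand instead.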

Yes, the bad guys are bombing the internet back to the stone age. It's not a safe browsing world. Be careful and protect your data with the same care you protect real-world valuables.

(via Ars Technica)

Rene Ritchie


There are 3 comments.

Outer Space Ringtones says:

DNS poisoning attacks? Never come across those... so does that mean that even a URL that looks legit could be bad?

Fitz says:

Related Story, www.twitter.com got passwords stolen just 2 days ago. It appears no site is unbreakable.

Get Paid To Surveys says:

I wanted to say hey there. I am dropping by this internet site.