August 03, 2008
iTunes/Apple ID Phishing Campaign
I really fear that this phishing campaign will catch quite a few Apple customers off-guard. Here's what the mailing piece looks like:
With so many people these days using the iTunes store not only for music, but now downloading millions of iPhone applications (even the free ones cause the iTunes Store to generate emailed receipts), there are tons and tons of computer users of all flavors having constant contact with the iTunes Store. An alleged alert about a billing problem will get their attention.
Will, however, every recipient bother to notice that the link is not to apple.com, but to [removed].ws (see status bar in the above message)? Are users advanced enough to check the message's header info to see that the message was sent from an IP address in Sweden? Worse yet, if they click on the link and see the following page, will they suspect it's not really Apple's site if they don't confirm the Address field?
Please spread the word that if any institution for which you have an online account claims to have a problem with the account, never ever follow links or URLs in emailed messages—don't even visit the phony page unless you know how to prescreen it safely for malware nastiness. Instead, log into your account through normal means (ideally through a bookmark you previously established with the legitimate site). If there is a problem with your account, you can check it out that way. In 99.99% of the cases (assuming 0.01% deadbeats), there is no problem with your account, and you can move on after deleting the phishing message.
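The two checks raised above, whether a link really points to apple.com and which IP address handed the message over, can be done mechanically on the raw message. The Python below is an added example, not part of the original post; the sample message, its `.example` hosts and the 192.0.2.10 address are constructed, and `TRUSTED`, `LinkCollector`, `is_trusted` and `analyze` are names chosen here.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # assumption: the brand the message claims to come from
# Constructed sample: hosts use the reserved .example TLD, the IP is from TEST-NET-1.
SAMPLE = """\
Received: from mail.sender.example ([192.0.2.10]) by mx.recipient.example; Sun, 3 Aug 2008 09:00:00 +0000
From: "iTunes Store" <store@sender.example>
Subject: Billing problem with your account
Content-Type: text/html; charset="us-ascii"

<html><body><p>There is a problem with your billing information.</p>
<a href="http://apple.com.billing-update.example/login">https://www.apple.com/account</a>
<a href="https://www.apple.com/legal/">Terms</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host, trusted=TRUSTED):
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)  # exact host or true subdomain

def analyze(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    # Received headers record each relay; the bracketed address is what the receiver saw.
    ips = [ip for h in msg.get_all("Received", [])
           for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)]
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    bad = [(text, urlsplit(href).hostname) for href, text in collector.links
           if not is_trusted(urlsplit(href).hostname, trusted)]
    return {"relay_ips": ips, "untrusted_links": bad}
```

On the sample, the first link is flagged because its visible text shows apple.com while the real host only begins with that string; the legitimate link is not.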
Remember that your Apple ID provides a gateway not only to the iTunes Store, but to the Apple Store, with all its Maclicious and iPodlicious goodies that can be shipped anywhere on your credit card.
Posted on August 03, 2008 at 11:31 AM