« The Power of Coincidence | Main | Phony Verizon Billing Notification »

April 09, 2012

This morning, the malware bad guys have been sending out messages titled:

From: Apple Store
Subject: Order Acknowledgment W273706813

The order numbers vary from message to message. The body is a well-formatted HTML page that is very reminiscent of the actual order confirmations that Apple sends out (under a different Subject: line, mind you).

Bill to and Ship to names and addresses are apparently filled in from a random database under the crook's control. You won't recognize the names, but you will be terrified that you are being charged for a 17-inch Macbook Pro to the tune of about $2600.00.

Whatever you do, do not click any links in that email message. The links I've seen go to hijacked web sites. Although the pattern of what the link serves up has been used before (links to auto-load multiple JavaScript pages that then redirect to a different destination), and those in the past have been used to deliver Windows malware, these days even Mac users can't be too careful — thanks to the drive-by Java exploit that some experts say has infected over one-half million Macs.

If you are concerned about the possibility of your Apple account having been hacked (most likely through phishing, by the way, so you were the one who gave yourself over to the crooks), visit the Apple Store through a previously-saved bookmark and inspect your order history. You'll find nothing whatsoever about these bogus orders. Let the adrenalin drain from your system, and get on with your day.