According to a blog post Monday by antivirus maker Intego, mentions scammers are making the rounds going after Apple users, dispatching e-mail messages with the subject ‘Apple Billing Information‘ to users who owned Apple products.
It is probably a hot time of year for these phishing attacks, since a lot of people probably got new Apple products for Christmas, and can easily catch newcomers, and a few old-timers too, with its nearly authentic look.
The deceptive attack commenced on Christmas day with a poorly-worded subject line, ‘Apple update your Billing Information’. Another dubious thing is that the request refers to out-of-date information, which would be odd for someone who had recently set up an account.
Image courtesy “The Mac Security Blog” from Intego
In a posting, Intego states that the fraudulent e-mail asks people to enter their Apple ID and password before asking them to update their account profile including their credit card information, the security vendor noted.
“These well-defined e-mail could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time,” the blog post stated.
If you click on the link in the message, you will be directed to a genuine looking sign-in page, then, after entering your Apple ID and password, you will be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks authentic, and many of the elements it contains are taken from Apple’s own webpages.
Intego has identified and documented the phishing scam is being sent from “appleid@id.apple.com” that asks recipients to update their information. There are a few hints, however, that this is not a legitimate request.
If you mouse-over the hyperlink in the (impressively fraudulent) email address, you will see a floating box that reveals the real destination of that link: the telltale chain of four numbers that specifies a numeric IP address, rather than a link to somewhere within the apple.com domain. As Intego rightly described, “if it is not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it is bogus.”
Image courtesy “The Mac Security Blog” from Intego
This is a very cleverly crafted scam that is sure to catch some people along the way, but when you take the context and timing of Christmas into account, this attack can be quite successful at massive scale. Imagine your mom using a new MacBook and getting this email today, it might make perfect sense to her that Apple is reaching out, since she just got the new machine.
If you have just been gifted a new Apple product or know someone who did, beware of this scam and spread the word. If you gifted an Apple product to someone this holiday season, perhaps a brief word of notice could save them a bit of trouble.