Phishers point scam at Apple's iTunes
Music store users targeted for the first time by sophisticated ID theft, says Proofpoint
People began receiving spammed messages yesterday telling them that they must correct a problem with their iTunes account, said Andrew Lochart, an executive at e-mail security vendor Proofpoint Inc.
A link in the spam leads to a site posing as an iTunes billing update page; that phony page asks for information, including credit card number and security code, Social Security number and mother's maiden name.
The theft attempt is a new twist on the usual phishing attack, said Lochart. "We've gotten used to seeing the usual companies and brands attacked," he said, "like PayPal, eBay and Citibank. But we've never seen Apple as the target."
In a way, said Lochart, the phishing campaign is almost a compliment. "It's probably indicative that the bad guys see Apple's online presence as large enough to be a target. It's part and parcel of the success that Apple has enjoyed lately."
Lochart also speculated that the identity thieves aimed the new attack at iTunes users because of the service's perceived demographics. "I wonder if the bad guys are thinking that [iTunes users] are younger than those for some of the other phished sites, like banks and eBay," said Lochart. "The way that teenagers and young adults use the Internet, they show a certain level of trust or openness when they post their name and age and school on MySpace."
On one hand, Lochart added, young people who grew up with the Internet are considered technologically savvier than their elders. "But then you see the way they use something like MySpace in a way that's considered risky behavior."
Although the phoniness of the link to the bogus iTunes account page might be overlooked in the spam e-mail, the URL is clearly not part of the official iTunes domain. "They've actually done a pretty poor job," Lochart, said of the phishers.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts