Phishing scam dupes hundreds of MobileMe users
Security firm finds hacker stash, traces victims to MobileMe billing ruse
Computerworld - A recent phishing scam targeting users of Apple Inc.'s .Mac and MobileMe online services has successfully duped hundreds into divulging credit card and other personal information, a security company said today.
According to Dan Clements, president of CardCops Inc., an identity protection service of Trumbull, Conn.-based Affinion Group Inc., the phishing campaign scammed between 100 and 200 people with mac.com addresses in just one day.
CardCops, which uses automated bots and human investigators to scour the Internet's underbelly -- the chat rooms, sites and message forums frequented by cybercriminals -- uncovered a stash of records on a server that hackers use to house stolen information.
"We found 20 different files parked on the server," said Clements, "each file with two or three or four, up to 20, profiles." Computerworld, which was allowed to view the profiles, verified that the records, or "full profiles" as Clements dubbed them, included full names, mailing addresses, credit card numbers, card security numbers, birth dates, mother's maiden names, and e-mail addresses and passwords.
"Cumulatively, there were about 300 profiles collected in that one day," Clements said. "And 100 to 200 were mac.com addresses."
After some additional investigation -- which included calling many of the victims to verify that they'd fallen for the ploy -- CardCops pieced together the crime. "We realized that it was a phishing attack, of course, but also that these phishers timed it with an Apple event."
Clements referred to the recent migration Apple conducted for subscribers of its older .Mac online service to MobileMe, the successor that launched just over a month ago. "It looks like that raised the conversion rate of their captures," he added, explaining the phishers' success rate in tricking people into giving up credit card and other confidential information.
Earlier this week, Macworld, a Computerworld sister publication, reported a phishing attack using messages masquerading as Apple's to ask MobileMe users to re-enter their credit card information because of a billing problem.
The message was convincing. "Some of the users who we talked to were very sophisticated users. But they still fell for this attack," said Clements.
Researchers at Trend Micro Inc. agreed that the attack was slick. In a blog post Tuesday, Trend's Jovi Umawing said the message "looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away [it] away as a fake or scam." He also noted that some of the links in the bogus mail actually lead to legitimate Apple pages.
Clements pinned some of the responsibility on users' trust in Apple. "Absolutely the case," he said when asked if Apple customers' faith in the company was a factor in getting so many to divulge information.
The MobileMe scam wasn't the first time that phishers have used the Apple brand to fake out consumers. In May, criminals hit iTunes users with sophisticated identity theft attacks, again claiming that credit card problems required them to re-enter information to update their accounts.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts