Phishing scam dupes hundreds of MobileMe users
Security firm finds hacker stash, traces victims to MobileMe billing ruse
Computerworld - A recent phishing scam targeting users of Apple Inc.'s .Mac and MobileMe online services has successfully duped hundreds into divulging credit card and other personal information, a security company said today.
According to Dan Clements, president of CardCops Inc., an identity protection service of Trumbull, Conn.-based Affinion Group Inc., the phishing campaign scammed between 100 and 200 people with mac.com addresses in just one day.
CardCops, which uses automated bots and human investigators to scour the Internet's underbelly -- the chat rooms, sites and message forums frequented by cybercriminals -- uncovered a stash of records on a server that hackers use to house stolen information.
"We found 20 different files parked on the server," said Clements, "each file with two or three or four, up to 20, profiles." Computerworld, which was allowed to view the profiles, verified that the records, or "full profiles" as Clements dubbed them, included full names, mailing addresses, credit card numbers, card security numbers, birth dates, mother's maiden names, and e-mail addresses and passwords.
"Cumulatively, there were about 300 profiles collected in that one day," Clements said. "And 100 to 200 were mac.com addresses."
After some additional investigation -- which included calling many of the victims to verify that they'd fallen for the ploy -- CardCops pieced together the crime. "We realized that it was a phishing attack, of course, but also that these phishers timed it with an Apple event."
Clements referred to the recent migration Apple conducted for subscribers of its older .Mac online service to MobileMe, the successor that launched just over a month ago. "It looks like that raised the conversion rate of their captures," he added, explaining the phishers' success rate in tricking people into giving up credit card and other confidential information.
Earlier this week, Macworld, a Computerworld sister publication, reported a phishing attack using messages masquerading as Apple's to ask MobileMe users to re-enter their credit card information because of a billing problem.
The message was convincing. "Some of the users who we talked to were very sophisticated users. But they still fell for this attack," said Clements.
Researchers at Trend Micro Inc. agreed that the attack was slick. In a blog post Tuesday, Trend's Jovi Umawing said the message "looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away [it] away as a fake or scam." He also noted that some of the links in the bogus mail actually lead to legitimate Apple pages.
Clements pinned some of the responsibility on users' trust in Apple. "Absolutely the case," he said when asked if Apple customers' faith in the company was a factor in getting so many to divulge information.
The MobileMe scam wasn't the first time that phishers have used the Apple brand to fake out consumers. In May, criminals hit iTunes users with sophisticated identity theft attacks, again claiming that credit card problems required them to re-enter information to update their accounts.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |