Phishing scam dupes hundreds of MobileMe users
Security firm finds hacker stash, traces victims to MobileMe billing ruse
Computerworld - A recent phishing scam targeting users of Apple Inc.'s .Mac and MobileMe online services has successfully duped hundreds into divulging credit card and other personal information, a security company said today.
According to Dan Clements, president of CardCops Inc., an identity protection service of Trumbull, Conn.-based Affinion Group Inc., the phishing campaign scammed between 100 and 200 people with mac.com addresses in just one day.
CardCops, which uses automated bots and human investigators to scour the Internet's underbelly -- the chat rooms, sites and message forums frequented by cybercriminals -- uncovered a stash of records on a server that hackers use to house stolen information.
"We found 20 different files parked on the server," said Clements, "each file with two or three or four, up to 20, profiles." Computerworld, which was allowed to view the profiles, verified that the records, or "full profiles" as Clements dubbed them, included full names, mailing addresses, credit card numbers, card security numbers, birth dates, mother's maiden names, and e-mail addresses and passwords.
"Cumulatively, there were about 300 profiles collected in that one day," Clements said. "And 100 to 200 were mac.com addresses."
After some additional investigation -- which included calling many of the victims to verify that they'd fallen for the ploy -- CardCops pieced together the crime. "We realized that it was a phishing attack, of course, but also that these phishers timed it with an Apple event."
Clements referred to the recent migration Apple conducted for subscribers of its older .Mac online service to MobileMe, the successor that launched just over a month ago. "It looks like that raised the conversion rate of their captures," he added, explaining the phishers' success rate in tricking people into giving up credit card and other confidential information.
Earlier this week, Macworld, a Computerworld sister publication, reported a phishing attack using messages masquerading as Apple's to ask MobileMe users to re-enter their credit card information because of a billing problem.
The message was convincing. "Some of the users who we talked to were very sophisticated users. But they still fell for this attack," said Clements.
Researchers at Trend Micro Inc. agreed that the attack was slick. In a blog post Tuesday, Trend's Jovi Umawing said the message "looks clean and sleek, the text courteous and professional, hardly the kind that instantly gives away [it] away as a fake or scam." He also noted that some of the links in the bogus mail actually lead to legitimate Apple pages.
Clements pinned some of the responsibility on users' trust in Apple. "Absolutely the case," he said when asked if Apple customers' faith in the company was a factor in getting so many to divulge information.
The MobileMe scam wasn't the first time that phishers have used the Apple brand to fake out consumers. In May, criminals hit iTunes users with sophisticated identity theft attacks, again claiming that credit card problems required them to re-enter information to update their accounts.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts