Phishing e-mail targets new Apple customers, steals billing information

Just got a new Macbook, iPad or other Apple gizmo for Christmas? A new e-mail scam is targeting you.

Cyber criminals are sending around a very official-looking e-mail asking Apple users to update their billing information, according to Intego, an anti-virus software company focused on Macs. The company says the phishing scam, a message that poses as a legitimate sender in order to steal information, targets new Apple users who are just setting up their accounts and may be unfamiliar with the Apple system.

The e-mail looks legitimate and has elements taken directly from Apple’s website, including the shadowing, logo and copyright notice, as pointed out by Cnet. It reads:

“It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.”

A link at the bottom, shown as “http://store.apple.com,” actually leads to the cyber criminals’ own server; the real URL begins with an IP address rather than an Apple hostname. As always, make sure you know what you are clicking by hovering over the link to see the actual URL you are about to access. As Intego notes, every legitimate Apple URL has the form something.apple.com.
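The hover-and-check rule above can be applied mechanically. As an added example (not code from the article or from Intego), this Python function compares the text a link displays with the href it really opens, flags a raw IP address, and accepts only hosts that are apple.com or a true subdomain of it; the IP address and domains in the tests are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Added example: the article's rule that real Apple links look like something.apple.com.
TRUSTED_DOMAIN = "apple.com"

# Link text that itself looks like a URL or bare hostname (e.g. "http://store.apple.com").
_URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def _host_of(url: str) -> str:
    """Return the lower-cased host part of a URL, or '' if it has none."""
    if "://" not in url:
        url = "http://" + url          # bare "store.apple.com" style text
    return (urlparse(url).hostname or "").lower()


def _is_ip_literal(host: str) -> bool:
    """True when the host is a plain IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _belongs_to(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain of it, so
    'apple.com.example.net' and 'notapple.com' are both rejected."""
    return host == domain or host.endswith("." + domain)


def analyze_link(display_text: str, href: str, domain: str = TRUSTED_DOMAIN) -> list:
    """Return a list of warnings; an empty list means the link looks consistent."""
    warnings = []
    shown = _host_of(display_text) if _URL_LIKE.fullmatch(display_text.strip()) else ""
    real = _host_of(href)
    if _is_ip_literal(real):
        warnings.append("href points at a raw IP address, not a hostname")
    elif not _belongs_to(real, domain):
        warnings.append(f"href host {real!r} is not under {domain}")
    if shown and shown != real:
        warnings.append(f"link text shows {shown!r} but opens {real!r}")
    return warnings
```

The same function can be pointed at any brand by passing a different `domain`, which covers the LinkedIn-style lure as well.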

Once clicked, the target is presented with an Apple ID sign-in page that looks very similar to Apple’s actual sign-in. This is where the attackers capture your login credentials so they can access the account in the future. After a successful “login,” the person is then prompted for name, date of birth, social security number, credit card information, billing and shipping addresses, along with a second field for Apple ID and password. Beyond just intercepting credit card information, this is a veritable starting kit for full-on identity theft, given the request for a social security number.

Another, lighter, scam was called to my attention when a friend received an e-mail from a LinkedIn member, or a person posing as a LinkedIn member. Like the Apple scam, which comes from the familiar Apple ID e-mail “appleid@id.apple.com,” this came from “member@linkedin.com.” The e-mail read like a LinkedIn notification and had all the visual clues of a legitimate request. The link to the supposed message he had received instead took him to a page selling Viagra.

Cyber criminals are getting better and better at replicating the look and feel of a company’s marketing. Scams are particularly prevalent around the holidays, when e-commerce is in full swing and people are receiving more receipt, shipping and new-account e-mails. A study by F-Secure predicted that $10 million would be stolen from e-commerce shoppers this season. Always double-check links from marketing e-mails, especially for the next few weeks.

Top screenshot via Intego, second screenshot via Topher Kessler/Cnet