Security

Read all 'CardCops' posts in Security
August 14, 2008 3:07 PM PDT

Apple .Mac customers targeted for fraud

by Robert Vamosi
  • 14 comments

When Apple rolled out its Mobile Me service last month, it provided phishers with a golden opportunity to scam users of .Mac, according to a credit card protection service.

"We confirmed this," said Dan Clements, vice president at Affinion Group, the company that owns Card Cops. "...We called some of the .Mac users" found on a trading site used by the Internet underground.

Card Cops includes among its customers major banks worldwide. For the last eight years, the group has been helping its clients and law enforcement track down those who are trading personal information online.

Clements said his company routinely examines caches of "full profiles," meaning the files contained the social security numbers, birth dates, mothers' maiden names, and credit card numbers from customers of savvy users that were tricked. He said one day there was a "disproportionate amount of what we usually see" of victims using the .Mac e-mail address.

Of the 300 profiles provided to CNET News, more than 100 had .mac addresses.

"The attack looked very realistic; the graphics were well done," said Clements, and this snared some sophisticated victims, he said. Some had businesses accounts with Apple "because their mother's maiden name was already on file."

One version of the e-mail solicitation included links to help set up your desktop, PC, iPhone, or iPod Touch. It also stated that Apple was "unable to process your most recent payment," and to "please update your billing information today" so your service is not interrupted. Victims then entered their personal information on a site that appeared to be hosted by Apple, but was actually overseas.

The .Mac phishing attack coincided with Apple's rollout of its Mobile Me service in early July. MobileMe lets Apple customers synchronize mail, calendars, contacts, photos, Safari bookmarks, Dashboard widgets, and more among Macs, the iPhone, and iPod Touch. However, all was not perfect; MobileMe experience too many glitches in the first few weeks of operation.

Clements agreed that Apple was also a victim here, but commented that the company might have been "more preemptive by saying what Apple was going to do" with the e-mail and also warn users to be careful of phishing attacks.

Apple did not provide a comment for this story.

Topics:
Vulnerabilities and attacks,
News
Tags:
security,
Apple,
CardCops,
Affinion Group,
Dan Clements
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET