Some 100 to 200 people have fallen for a MobileMe phishing scam that began to make the rounds earlier this week, investigators have found. Identity protection group CardCops used automated bots to help human investigators unearth the findings on a server used by scammers to store data.
"We found 20 different files parked on the server, each file with two or three or four, up to 20, profiles," CardCops president Dan Clements told Computerworld. "Cumulatively, there were about 300 profiles collected in that one day. And 100 to 200 were mac.com addresses."
Clements revealed that after calling a number of people who had fallen for the attack, the group was able to piece together what had happened with the whole MobileMe scam. "We realized that it was a phishing attack, of course, but also that these phishers timed it with an Apple event." That Apple "event," of course, was the fact that MobileMe has been nothing but an endless clusterf*ck since its launch a month ago, with recurring problems even up through this week. Naturally, MobileMe customers had grown accustomed to things going wrong on Apple's end, and so they apparently didn't hesitate to click through the phishing e-mail that claimed there was a problem with their MobileMe payments.
The e-mail, which we covered a few days ago, looks fairly official, arriving complete with images from Apple's site and links to a number of Apple pages. The phishing occurs at the bottom, where it reads, "We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?"
Anyone want to go phishing?
This isn't the first phishing scam targeted toward Apple's customers. In May, one that was targeted at iTunes users made the rounds online, asking iTunes customers to re-enter their billing information on a very iTunes-like page online. It seems pretty clear that these are only the beginning—Apple's typical demographic is a pretty desirable one, making more money than most. So if you're a customer of any of Apple's services, you might want to start being a little more careful about which e-mail links you decide to click. If you're ever not sure whether it's real or not, just go to the site directly by typing in the URL. If your information is ever truly out of date, Apple will usually let you know when you log in.
reader comments