ID: IRCNE2011121353
Date: 2011-12-27
According to “ComputerWorld”, a "vast phishing attack" that attempts to capture the credit card information of Apple customers was launched on Christmas day, according to a report from Mac security-software company Intego.
Intego says that the attack is an attempt to fool Apple customers into clicking on a link under the guise of updating the billing information of their Apple accounts.
If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you'll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple's own webpages.
Intego reports that the messages are being sent with the subject "Apple update your Billing Information" from a spoofed email address of “appleid@id.apple.com”.
A way to stay secure is to enter links yourself in your browser rather than click on them in emails. If you type store.apple.com into your browser, you know it's a legitimate site. If you're using Safari any secure connection to Apple (i.e., any URL beginning with https: rather than http:) will show a green verification item in the top right corner of the address bar. (There are similar indications in other browsers.) And no legitimate site will ask for personal information, especially of the credit-card variety, without using a secure connection.
- 3