Tuesday, December 27, 2011

Phishing Email Wants Your Apple Login and a Buttload of Personal Information

A new phishing email targeting Apple login credentials and banking information is currently making the rounds.

First spotted by security researchers at Intego, the phishing email has been carefully crafted by cybercrooks to appear as though it is a legitimate message sent by Apple urging you to update your Apple account billing information or face the possibility of your account being terminated.

The phishing email reads:
Subject: Apple update your Billing Information
From: applied@id.apple.com

Dear Customer,

It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

Click on the reference link below and enter your login information on the following page to confirm your Billing Information records…

Click on http://store.apple.com to confirm your Billing Information records.

Thanks,
Apple Customer Support

If you hover over the link in the email, “http://store.apple.com”, you will see that the scammer is attempting to lead you to a spoofed website that’s NOT on the Apple.com domain (always check the URL!):

[Image. Credit: Intego]

Upon visiting the fake Apple page, you will be asked to log in to your Apple account (giving your Apple ID and password to the scammer) and once you “log in” you will be taken to a page that allows you to fill in everything from your mother’s maiden name to your social security number to your billing address and credit card information.

Pretty sneaky, huh?

You can avoid falling for phishing scams like this one by typing the URL of the website you wish to visit directly into your browser address bar, as opposed to clicking links in emails. Most companies do not link directly to login pages, but instead will instruct you to type them in by hand (they do this so you can easily spot phishing emails).

If you do take the risk of clicking a link within an email, make sure you CAREFULLY double-check the URL in your browser before entering any login credentials or personal information.

Also be sure to run up-to-date antivirus software that offers real-time scanning and web filtering just in case you click a link within a spam email that leads you to a malware-infested site.

Have you received any other phishing emails lately? Share your experience below!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: Daily Picks and Flicks
