Apple faithful snared in phishing scam targeting Mac.com users
Hundreds of Mac users have been snared in a phishing scam that coincided with the glitches in the roll-out Apple's MobileMe service. Names of Apple customers traded in underground forums Data obtained by CardCops, a credit card protection service owned by the Affinion Group, shows sensitive information belonging to several …
Apple computers are subject to shorts between the keyboard and floor. Who would have thought!
Now where did my Ohm meter go? I know it is in one of these pockets.
If the people who were scammed were shown a url like the one in the pic then they are idiots for handing over their details without being more careful.
Firefox couldn't pick up the scam? FIREFOX!!!!
I don't believe it. Impossible. Firefox is the saviour of all mankind. You are spreading salacious rumours here.
Stop it. Just stop it.
As a person who knows someone who fell to phishing using FireFox on Windows and as Safari has come under fire by the press for its lack of anti phishing technology, I have to say, one thing IE seems to do right is detecting a phishing site.
This should be a wake up call for Apple. What do you want to be the only reason these people fell victim with Safari is because Stevie held back the new anti-phishing tech for Snow Leopard's release just to help marketing. Now people suffer because of his decision.
In other news, the world is an oblate spheroid.
Slow news day much?
PC to Mac "Gone Phishing again today I see and caught the catch of the day !"
about viruses (virii) and such like.
Now whose laughing (all the way to the bank it seems) !!!!!!
Firefox - written by freetards, sponsored by the mafia
I always confuse nolostor.cl with apple.com
Maybe there should be a walled garden internet for the masses, and a free one for young people and those with IQ>100?
with Matt on this one:
www.nolostand.cl/ etc.
Why on earth would Apple have a non-apple domain based in Chile to update billing details - quite apart from the fact (as everyone is continuously warned). YOU ARE NEVER, EVER, ASKED FOR YOUR BILLING DETAILS BY EMAIL.
People should SWITCH BRAIN ON before using their browser.
Perhaps we should have an internet competency license (much like car, plane etc.) before people are allowed access to the internet. Just a thought....
Have to agree that IE does tend to actively report these things better... however at the end of the day it still comes down to idiots doing it - does anyone seriously enter their credit card details onto a site they clicked to from an email!?!?!
Oh well...
...though almost certainly not dumber. I would like to hear from anyone who might have an insight into exactly why the transition from reliable old .Mac to MobileMe has been such a fiasco. What's going on in Cupertino? Has there been an accompanying hardware transition or is this just a massive bug-fest?
Er, phishing has nothing to do with Mac or PC, it's to do with idiot users. Don't matter which platform they're on.
"Halifax Bank faithful targeted in phishing scam", "PayPal faithful victims of cyber attack!", "Shock horror - eBay users targeted by phishing attack!!"
Name me one online system of any importance which HASN'T been the subject of a phishing attack.
I'm an Apple Mac user since 1991, and I assert with some confidence that I am probably dumber than some El Reg readers. I use a Mac because it allows me to continue to be quite dumb about the mysterious inner workings of my computer while still doing quite useful stuff. So it is with great sadness I read these articles that Holy Steve (on whom be the Blessing of the OSX) has not provided the Mac Faithful with the protection that the Faithful require. I realise that at times the Form of the Browser does not lend itself to such Protection; that it is Sacrilegious to have a pure and minimalist interface overlaid with dialogs written in TechnoSpeak. However the Other Religion of the Mac Faithful (the Massage of the Hip Pocket Nerve) is at stake here. There are miscreants among us, whose sole aim in life is to spread confusion, despair, and dynamic linked libraries. Shall we allow them to Massage the Hip Pocket in reverse, and take from us what is rightfully due the Holy Steve (on whom be the Blessing of the OSX)? I say no! Bring on your Anti Phish Dialog! Bring on your Insecure Web Page Dialog! And whatever else will keep our money safe and warm until it is required by the Holy Steve (on whom be the Blessing etc etc).
Regards.
But would OpenDNS have intercepted the scam?
No surprises though that people are still daft enough to respond to email scams informing "your account will be shut down" & despite all manner of warnings and advice on various security & banking sites it still goes on.
It never ceases to amaze me the somewhat lame threat "Your account will be shut down..." draws in so many, I mean big deal, its not exactly the end of the world is it?
Or have people not as savvy as those here to deploy the right tools to stop this lost the gumption & common sense to pick the phone up & check with their bank, on-line retailer & so on when they see some sporadic communication such as that?
Didn't their iPurchase of a iWannabe device guarantee them iMmunity to all forms of security threat due to "superior design"!?!?!?! Oh dear, I see a host of fanbois that I need to go give some grief to. This could take a while.....
Err, no it hasn't surely.
At least in this country, a door number and a post code is pretty much enough to whittle it down enough, especially with mother's maiden name...
users are idiots.. we know that. apple knows that, microsoft and mozilla knows that.. part of browser safty is to protect users from their own stupidity, to say that the safari is fine and that its the users fault is therefor just escaping your responsibility as a browser vendor imo
this is a massive kick in the balls for safari and a minor poke for ff.. and soemtimes, thats a good thing. who would have thought ie would release a remotley standards compliant browser before ff? now ie8 is on they way, passing all kinds of compliance tests..
Macs are safe from this kind of stuff, that's why St. Steve has decreed there's no point having a stupid phishing philter in Safari. And even if it did, it would be a total waste of time because Mac users are statistically more likely to be of higher intelegence and as such wouldn't fall for a cheap trick like this in a million years.
It's all you PC users who are the lusers, with your inferior operating system, processors and superfluous mouse buttons!
PS. Why doesn't The Register add an icon of an ostrich burying its head in the sand to the list of images to choose from?
I figure El Reg will have to take on extra staff just to cover the volume of people queueing up to laugh at Apple lusers.
But I agree with Matt above (great name btw) that if you're really that much of a fuckwit to follow a link from an email prompting you to enter billing details AND don't notice that the URL is totally bogus, then you're a moron.
I'm an Apple user and my life is far less stress free after making the switch a couple of years ago, but that's not to say I just tossed away all common sense when I became Stevie's latest bitch.
when you need him?
<switches on huge searchlight with 'W' logo pointed at the sky>
No OS can save you from a simple web link in an email, but really even Mac users should be aware www.Mac.com is not www.ZOMGSOMERANDOMSITE.com/lalala/mac.com/stealyourdetails.php
around the world having a strop.
How long befor a Mac/Linex fanboy posts giving us some list of why IE is bad?
this is a chance to have a pop at Apple, so haha.
but perhaps if mobileme had worked then this scam would have had less effect.
perhaps if the days of testing applications for the internet were not being continually cut, (by low computer competency management folk who think that if something runs once with one user it does not need any testing), phishing would see a decline and the mantra of 'never ask for details in an email' would not be open to 'except when we mess up a major system and billing launch'.
No security is going to stop people willingly downloading and running attachments or filling in their credit card details on some dodgy website or jumping off cliffs...
Should we have a paper clip appearing next to the web browser saying "It looks like you're filling in your credit card details, are you are gullible idiot"?
Someone sends the odd million emails out pretending to be from a big company, telling them to reinstate their accounts by putting personal details in.
Where's the news?
Occasionally, though, they seem to forget that there are people who don't actually have much in they way of intellectual acumen. Merely to denigrate them for their stupidity doesn't do much to help.
It's difficult to teach people who aren't terribly bright how to cope in an increasingly technical and rather mean world, but that's what's needed.
... will you still be able to afford all the humble pie that needs to be eaten?
(although clearly this is Micro$loth's fault somehow)
"IE sux0rs still, FF is still t3h pwn"
erm, yeah...
It's the user.
I always make a point of telling my clients that if they ever get an email from a service that they do actually use it will always be addressed to them personally. It will never be "dear paypal user" or "dear customer". And even when it is addressed personally, never ever click on a link before checking to see where it goes. Also, I tell them to read the mail properly. Most bogus mails are written in webster phreaky english.
I suppose like most here, I get a dozen or more of these bogus mails every day in my various accounts. Every once in a while I have a look at them to see what they are like. Some of them are very good and will fool most people - if they don't check the browser address bar to see where the connection has actually gone.
But what amazes me is that some people don't think before blindly filling in the boxes. For example. I have an itunes account. When I set it up it asked for my name address and CC number plus the security code. It also asked me for a memorable question. That, AFAICR is all it wanted to know. So now, If I follow this latest iTunes Phish, It asks me those self same things again (which COULD be legitimate) but also it wants mothers maiden name, social security number (which we don't use in the UK), driver's license details and various other things.
Surely a bank, or a website that sell items for 79 pence does not need to know my driver's licence info (or all the other stuff the site asks for).
I sometimes despair.
Correction. I always despair.
Remember Apple's big advertising campaign about how mac's don't get viruses?
Well, we know the reason now.
Instead of using a virus/spyware to steal their information, Apple's users now give it away freely, why make spyware when you can copy and paste a website?
I hear a helicopter, i've exposed apple's secrets
A lot of Mac users aren't as technically gifted as some of the people on here, my mother for instance can only use my MacBookPro because I showed her how to put what she was looking for in google, she wouldn't know what phishing is or how it works and to be honest I don't think she is gonna start learning about it now.
Your making the same assumption as mozilla and apple in thinking that the user is not an idiot, rule number 1 when designing software is treat the user as an idiot.
People are now exempt from using their common sense and are to rely entirely on what their browser tells them is safe?
How many times has the mantra been repeated.
Dont trust on face value, frankly now its getting to the point where these people deserve all they get.
"Among those who took the bait was someone in Desiree Holtadams's home. She said the confusion caused by the MobileMe transition caused her to lower her guard"
My arse," made me blindly comply without thinking at all would be a better end to that paragraph"
Mac users think they are better because they own Mac (i tested this theory many time over and always proven right). But the deal is: owning a Mac proves that you have lots of money (to the point of serving it on a silver plater to identity thiefs) and that your are extremly stupid.
The avarage IQ of a typical Mac user is in the lower single digit. (now deal with it)
Paris: because she probably own every Mac model ever made.
Wake up and smell the coffee you morons.
You can get phished on any computer....anywhere...at any time.
It dosen't matter if your a Mac user or a Windows user or a Linux user.
Anyone who claims such and such user is smarter than the other is nothing more than the stupidest user on the face of the planet.
Take your ego and shove it where the sun don't shine.
It's easy to avoid phishing... it's called don't get click happy and pay attention to where your going.
If you can't do that... you DESERVE To get phished!
Oh and Joe Harrison.... this isn't a virus... go back to your Stockholm Syndrome therapist... he's got your medication. The same thing can happen to you on your shiny windows platform... or even linux... DUH!
At least, they used to be.
And I always thought that Mac users were hip, sophisticated, intelligent and not just plain STUPID!
How dumb can you be when you see a URL like http://www.dumbass.com/www.apple.com/login.php ? And Mac users are always laughing at Windows users?
Uh hellooo! I think Joe Harrison already pointed out its not a virus...think you should check the status of your own medication...
I think the point that most of the Apple fanbois seem to missing here is that the Apple is sold as innately more secure than MS, and although you cannot completely cater for the idiot user, IE at least tries and Safari can't be bothered...is that security by design...? Not in my book...
>>>Err, no it hasn't surely.
>>>At least in this country, a door number and a post code is pretty much enough to whittle it down enough, especially with mother's maiden name...
However, the personal information in question is for someone in Racine, Wisconsin, whch as you can imagine, is NOT in the UK. In the US, ZIP codes cover much larger areas than the UK's postal codes.
Paris, because even she knows Wisconsin is in the US.
Dumber because they are so smug that they are more secure than other PC users.
Dumbest for falling for such an easy scam.
Can't wait for all them to cry their Apple Juice tears when the first zero day hits all of their unsecure devices and wipes their drives and bank accounts clean. Hehehehehehe ..... This is not an if, it is a definite when.
Who taught the world that lack of reliability was "ok"? Microsoft.
Who taught the world that lack of security was "ok"? Microsoft.
Who has continued make users accept crashes as being "ok"? Microsoft.
Who has turned computer science and IT into a fucking joke? Microsoft, mainly.
For 30 fucking years this company has made "mediocre" and "unreliable" bywords for the IT industry. More than anything else, I hate Microsoft for that.
Sign up, sign up for The Register's weekly IT security newsletter - click here
