
New Apple ID phishing scam


8 replies to this topic

#1 #Michael

#Michael

    Neowinian Senior

  • 6,007 posts
  • Joined: 28-August 01

Posted 17 January 2014 - 19:21

There is a new Apple ID phishing scam making the internet rounds over the last few days.

 

 

Be careful out there!

Over the past several days, TUAW has received a number of emails from readers noting that there is a phishing scam going around. In case you're not familiar with phishing, it's a way for devious types to get access to your user ID and password for an account -- in this particular case, your Apple ID -- so that they can then go in and rack up big charges. Even worse, since many people use the same email and password for multiple accounts, this can open the door to all sorts of nefarious action.

Phishing is done by sending out emails that look like they are from a trusted source (here, it's Apple), often saying an account has some issues and asking you to click on a link in the email to log in and correct those issues.

 

Full article: http://www.tuaw.com/...-phishing-scam/




#2 JJ_

JJ_

    Neowinian

  • 659 posts
  • Joined: 31-July 05

Posted 17 January 2014 - 19:54

Apple have a really stupid fraud prevention or, let's say, potential fraud notification system. It knows your account has been used to download from an unrecognised device/country, yet it does nothing to stop it. I received this e-mail from them last week (e-mail is legit).

 

 

Dear [name],

Your Apple ID, [e-mail], was just used to download Fantasy of Slots from the App Store on a computer or device that had not previously been associated with that Apple ID.

This download was initiated from the United States.

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards,
Apple

 

Luckily I had no cards associated to my ID and the game in question is a free download. I changed my Apple ID password and all my security question answers and associated e-mail password and enabled 2 step verification yesterday. I read plenty of reports that people who used crazy long unbruteforceable passwords received similar legit e-mails. Perhaps Apple ID is being exploited through an unreported vulnerability.



#3 +techbeck

techbeck

    Neowinian Senior

  • 16,676 posts
  • Joined: 20-January 05

Posted 17 January 2014 - 20:05

People need more education about detecting these kinds of things. It really isn't hard to detect.



#4 HawkMan

HawkMan

    Badass Viking

  • 20,216 posts
  • Joined: 31-August 04
  • Location: Norway

Posted 17 January 2014 - 20:30

Apple have a really stupid fraud prevention or, let's say, potential fraud notification system. It knows your account has been used to download from an unrecognised device/country, yet it does nothing to stop it. I received this e-mail from them last week (e-mail is legit).

 

 

Luckily I had no cards associated to my ID and the game in question is a free download. I changed my Apple ID password and all my security question answers and associated e-mail password and enabled 2 step verification yesterday. I read plenty of reports that people who used crazy long unbruteforceable passwords received similar legit e-mails. Perhaps Apple ID is being exploited through an unreported vulnerability.

 

Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail. So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?



#5 JJ_

JJ_

    Neowinian

  • 659 posts
  • Joined: 31-July 05

Posted 17 January 2014 - 23:40

I downloaded another app from the App Store 3 hours before I received that e-mail. I'm sure their system knew it was impossible for me to travel halfway around the world in 3 hours to download a game. I think someone had been brute forcing my password because my account became locked out twice before in the last 2 weeks prior to getting that e-mail. All I'm saying is their systems need tinkering because they are sophisticated enough to detect a device that had never been associated with my Apple ID initiate a download from a country I've never connected from before, yet they let it happen anyway. Crazy.



#6 HawkMan

HawkMan

    Badass Viking

  • 20,216 posts
  • Joined: 31-August 04
  • Location: Norway

Posted 17 January 2014 - 23:52

Except people share their accounts in families so, yes, that could and DOES happen. 



#7 JJ_

JJ_

    Neowinian

  • 659 posts
  • Joined: 31-July 05

Posted 18 January 2014 - 00:08

Keep plucking HawkMan, keep plucking :D



#8 HawkMan

HawkMan

    Badass Viking

  • 20,216 posts
  • Joined: 31-August 04
  • Location: Norway

Posted 18 January 2014 - 00:12

What? I'm no Apple fan, but their system did exactly what it's supposed to, it warned you someone had accessed your account. And it seems unlikely they bruteforced your password unless it was very simple. You had several options open to you to prevent this. And they informed you about a possible breach, and if they had stolen anything, they would have restored your balance.



#9 Ned

Ned

    ...

  • 1,017 posts
  • Joined: 14-October 04

Posted 18 January 2014 - 04:55

Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail. So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?

 

...that highly unlikely scenario that I would expect them to flag before doing anything?  You mean that one?

 

Yep. They should require a confirmation code before doing any sort of purchase. Edit: ah, I see the two step verification, everyone should enable that.




