#Michael Posted January 17, 2014

There is a new Apple ID phishing scam making the internet rounds over the last few days. Be careful out there!

Over the past several days, TUAW has received a number of emails from readers noting that there is a phishing scam going around. In case you're not familiar with phishing, it's a way for devious types to get access to your user ID and password for an account -- in this particular case, your Apple ID -- so that they can then go in and rack up big charges. Even worse, since many people use the same email and password for multiple accounts, this can open the door to all sorts of nefarious action.

Phishing is done by sending out emails that look like they are from a trusted source (here, it's Apple), often saying an account has some issues and asking you to click on a link in the email to log in and correct those issues.

Full article: http://www.tuaw.com/2014/01/17/beware-of-this-apple-id-phishing-scam/

JJ_ Posted January 17, 2014

Apple have a really stupid fraud prevention or, let's say, potential fraud notification system. It knows your account has been used to download from an unrecognised device/country, yet it does nothing to stop it. I received this e-mail from them last week (e-mail is legit):

Dear [name],

Your Apple ID, [e-mail], was just used to download Fantasy of Slots from the App Store on a computer or device that had not previously been associated with that Apple ID.

This download was initiated from the United States.

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards,
Apple

Luckily I had no cards associated to my ID and the game in question is a free download. I changed my Apple ID password and all my security question answers and associated e-mail password and enabled 2 step verification yesterday. I read plenty of reports that people who used crazy long unbruteforceable passwords received similar legit e-mails. Perhaps Apple ID is being exploited through an unreported vulnerability.

techbeck Posted January 17, 2014

People need more education about detecting these kinds of things. It really isn't hard to detect.

HawkMan Posted January 17, 2014

> Apple have a really stupid fraud prevention or, let's say, potential fraud notification system. It knows your account has been used to download from an unrecognised device/country, yet it does nothing to stop it. I received this e-mail from them last week (e-mail is legit)
>
> Luckily I had no cards associated to my ID and the game in question is a free download. I changed my Apple ID password and all my security question answers and associated e-mail password and enabled 2 step verification yesterday. I read plenty of reports that people who used crazy long unbruteforceable passwords received similar legit e-mails. Perhaps Apple ID is being exploited through an unreported vulnerability.

Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail.

So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?

JJ_ Posted January 17, 2014

I downloaded another app from the App Store 3 hours before I received that e-mail. I'm sure their system knew it was impossible for me to travel half way around the world in 3 hours to download a game. I think someone had been brute forcing my password because my account became locked out twice before in the last 2 weeks prior to getting that e-mail.

All I'm saying is their systems need tinkering because they are sophisticated enough to detect a device that had never been associated with my Apple ID initiate a download from a country I've never connected from before, yet they let it happen anyway. Crazy.

HawkMan Posted January 17, 2014

Except people share their accounts in families so, yes, that could and DOES happen.

JJ_ Posted January 18, 2014

Keep plucking HawkMan, keep plucking :D

HawkMan Posted January 18, 2014

what

I'm no Apple fan, but their system did exactly what it's supposed to: it warned you someone had accessed your account. And it seems unlikely they bruteforced your password unless it was very simple.

You had several options open to you to prevent this. And they informed you about a possible breach, and if they had stolen anything, they would have restored your balance.

Neyht Posted January 18, 2014

> Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail.
>
> So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?

...that highly unlikely scenario that I would expect them to flag before doing anything? You mean that one?

Yep. They should require a confirmation code before doing any sort of purchase.

Edit: ah, I see the two step verification, everyone should enable that.
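
The check debated in this thread (an unrecognised device downloading from another country three hours after a download at home, answered with a confirmation code instead of only an email), sketched as an added example that is not part of any post and is not Apple's actual logic. The coordinates, device names, dates, the 900 km/h ceiling and the function names are all assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed

@dataclass
class Download:
    when: datetime
    lat: float
    lon: float
    device_id: str

def km_between(a: Download, b: Download) -> float:
    """Great-circle (haversine) distance in kilometres."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(previous: Download, current: Download, known_devices: set) -> str:
    """Return 'allow', 'notify' or 'step_up' (demand a confirmation code)."""
    if current.device_id in known_devices:
        return "allow"      # e.g. a family member's already-enrolled device
    # Clamp to one second so simultaneous events do not divide by zero.
    hours = max((current.when - previous.when).total_seconds() / 3600, 1 / 3600)
    if km_between(previous, current) / hours > MAX_KMH:
        return "step_up"    # new device AND physically impossible travel
    return "notify"         # new device, plausible trip: alert email only

# Constructed sample events (locations and device names are made up).
HOME = Download(datetime(2014, 1, 10, 9, 0), 51.5074, -0.1278, "iphone-home")
US_3H = Download(datetime(2014, 1, 10, 12, 0), 40.7128, -74.0060, "unknown-1")
US_2D = Download(datetime(2014, 1, 12, 12, 0), 40.7128, -74.0060, "new-ipad")
KNOWN = {"iphone-home", "family-ipad"}

if __name__ == "__main__":
    for ev in (US_3H, US_2D):
        print(ev.device_id, decide(HOME, ev, KNOWN))
```

The traveller with a new iPad two days later only triggers the notification, while the three-hour transatlantic jump on an unknown device is held for a confirmation code, which covers both sides of the argument above.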