New Apple ID phishing scam



There is a new Apple ID phishing scam making the internet rounds over the last few days.

 

 

Be careful out there!

Over the past several days, TUAW has received a number of emails from readers noting that there is a phishing scam going around. In case you're not familiar with phishing, it's a way for devious types to get access to your user ID and password for an account -- in this particular case, your Apple ID -- so that they can then go in and rack up big charges. Even worse, since many people use the same email and password for multiple accounts, this can open the door to all sorts of nefarious action.

Phishing is done by sending out emails that look like they are from a trusted source (here, it's Apple), often saying an account has some issues and asking you to click on a link in the email to log in and correct those issues.

 

Full article: http://www.tuaw.com/2014/01/17/beware-of-this-apple-id-phishing-scam/


Apple have a really stupid fraud prevention or, let's say, potential fraud notification system. It knows your account has been used to download from an unrecognised device/country, yet it does nothing to stop it. I received this e-mail from them last week (e-mail is legit):

 

 

Dear [name],

Your Apple ID, [e-mail], was just used to download Fantasy of Slots from the App Store on a computer or device that had not previously been associated with that Apple ID.

This download was initiated from the United States.

If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.

If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards,
Apple

 

Luckily I had no cards associated to my ID and the game in question is a free download. I changed my Apple ID password and all my security question answers and associated e-mail password and enabled 2 step verification yesterday. I read plenty of reports that people who used crazy long unbruteforceable passwords received similar legit e-mails. Perhaps Apple ID is being exploited through an unreported vulnerability.


Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail. So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?


I downloaded another app from the App Store 3 hours before I received that e-mail. I'm sure their system knew it was impossible for me to travel halfway around the world in 3 hours to download a game. I think someone had been brute forcing my password because my account became locked out twice before in the last 2 weeks prior to getting that e-mail. All I'm saying is their systems need tinkering because they are sophisticated enough to detect a device that had never been associated with my Apple ID initiate a download from a country I've never connected from before, yet they let it happen anyway. Crazy.

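An added sketch of the check this exchange is arguing about (not part of any post, and not Apple's actual logic): a new device alone only triggers a notification, while a new device whose location implies impossible travel since the last trusted event is held for a second factor. The speed ceiling, field names, device names and coordinates are all assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def review_events(events, known_devices, max_kmh=MAX_KMH):
    """Return 'allow', 'notify' or 'challenge' for each event, in time order.

    notify:    new device, plausible location (the e-mail quoted in the thread)
    challenge: new device and the speed implied since the last trusted event
               is physically impossible, so hold it pending a second factor
    """
    known, prev, decisions = set(known_devices), None, []
    for ev in sorted(events, key=lambda e: e["time"]):
        new_device = ev["device"] not in known
        impossible = False
        if prev is not None:
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            km = haversine_km(prev["geo"], ev["geo"])
            # Ignore small hops (GeoIP noise); guard against zero elapsed time.
            impossible = km > 100 and (hours <= 0 or km / hours > max_kmh)
        if new_device and impossible:
            # Do not trust the device or move the baseline until verified.
            decisions.append("challenge")
            continue
        decisions.append("notify" if new_device else "allow")
        known.add(ev["device"])
        prev = ev
    return decisions

# Constructed sample events; device names and coordinates are made up.
SAMPLE = [
    {"time": datetime(2014, 1, 10, 9, 0), "device": "iphone-1", "geo": (51.5, -0.13)},
    {"time": datetime(2014, 1, 10, 12, 0), "device": "unknown-pc", "geo": (39.0, -95.0)},
    {"time": datetime(2014, 1, 17, 10, 0), "device": "new-ipad", "geo": (40.4, -3.7)},
    {"time": datetime(2014, 1, 17, 11, 0), "device": "new-ipad", "geo": (40.4, -3.7)},
]

if __name__ == "__main__":
    for ev, d in zip(SAMPLE, review_events(SAMPLE, {"iphone-1"})):
        print(ev["time"], ev["device"], d)
```

The third sample event is the traveller with a new tablet raised earlier in the thread: a week has passed, so the implied speed is plausible and the result is a notification rather than a lockout.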

What? I'm no Apple fan, but their system did exactly what it's supposed to, it warned you someone had accessed your account. And it seems unlikely they bruteforced your password unless it was very simple. You had several options open to you to prevent this. And they informed you about a possible breach, and if they had stolen anything, they would have restored your balance.


> Umm no, they don't "know" that your account has been compromised. That's why they're sending that mail. So if you travelled abroad, bought a new iPad, and downloaded apps on it, you would expect Apple to lock you out because you've been hacked?

 

...that highly unlikely scenario that I would expect them to flag before doing anything?  You mean that one?

 

Yep. They should require a confirmation code before doing any sort of purchase. Edit: ah, I see the two step verification, everyone should enable that.


This topic is now closed to further replies.