Search Results
Lately all has been quiet in regards to Apple’s MobileMe service and shady activities. In the past we’ve told you about a few separate cases of phishing scams going around. Well today we’ve heard that Oscar nominated actress, Salma Hayek’s account has been hacked.
Honestly, this is something that is really not that difficult to do, especially depending on how much information you have about a person. Sarah Palin’s Yahoo! account was famously hacked last year using information from Wikipedia, as have several other celebrities.
In this particular case, all that was needed was Salma’s birthday and the answer to her security question which just happened to be “What is my favorite character?”. Just in case you were wondering what the answer was, it was “Frida” which was Hayek’s most popular role in a movie. (And yes, I’m sure it is now something a bit tougher to figure out so don’t bother trying.) In the end, that is all of the information that was needed to gain access to all of her emails, calendar information, etc…
Moral of this story, choose your security questions and answers wisely… And if you’re well known, make up a fake set of answers, memorize them thoroughly, and don’t tell anyone else.
[Via Macworld]
Stealing credit card information is big business so perhaps it should come as no surprise that we’re seeing so many phishing attacks targeted at even niche services like MobileMe. We’ve reported on a bunch of them already, and this latest one is just more of the same.
If you get an email warning you about the status of your account, asking you to verify billing info, or basically asking you anything at all, NEVER click on the link. Always launch your web browser and type in the main URL by hand (i.e. don’t click on the email’s “Login” button, go to Firefox or Safari and type in “http://www.me.com/”). (And yes, DNS can be cache poisoned and localhosts can be over-written, but depending how valuable a target you are and how much time you want to invest in proofing yourself, manually entering URLs is a good compromise between convenience and security.
Apple Insider has all the details for those who want them. Surf safe!
September was the last time we saw some malicious attacks on MobileMe subscribers. Well the scammers are at it again, trying to take advantage of Apple’s MobileMe subscribers. A Gizmodo reader claims to have gotten the email shown above.
If you then click the fake “Login” button you will be directed to a website the scammers have set up — to look like Apple’s web site — asking for your credit card information. It is safe to say, delete this email if you happen to find it in your inbox.
[Via Gizmodo]
Well it seems like these scam artists will just not go away! Here at TiPb we like to keep you, our loyal readers, safe by alerting you of every scam out there. A while back we reported two other phishing scams aimed at MobileMe customers, and told you Apple was even posting warnings about them.
Just like those phishing scams, these latest scammers are looking to obtain your credit card information. According to UGN Infomanager:
Yesterday, and over night a wave of phishing attacks hit the servers targeting Apple Mobile Me users, and others who might not know the specifics of the phish. There were several, all from different “senders” but leading to the same address. READ THIS ALERT.
DO NOT CLICK ON ANY LINK IN THIS PHISHING ATTEMPT. Not only could it extract information from your computer, the site, or clickthrough pages could contain malware or spyware intended specifically for Mac users. If you can avoid opening it, you will avoid pinging the botnet of a live address.
In addition to all of that, MacNN is reporting that “the originating server DNS addresses have been masked by Joker.com, a site suspected of sympathizing with online criminals”. Really nice isn’t it? Be careful out there people!
(Via MacNN)
A while back we mentioned how Apple’s slipping in of the MobileMe Control Panel was earning the rightful ire of Windows users. Well, it seems Apple has gotten the message, and their news blog now reports:
If you already have the MobileMe Control Panel for Windows installed, upgrading to the latest version of iTunes (iTunes 8 was released on 9/9/08) will automatically update the control panel as well. But If the control panel is not already there, iTunes will not automatically install it. Also, the control panel will appear as an optional download whenever you run Apple Software Update on Windows.
Would that all supposedly bad guy monopolists Dr. Evil types responded to consumer push back so appropriately, eh Paul? Eh Dan? Eh Shill #3 making that post in the background for no reason?
Not long ago we brought to your attention a phishing scam that was going around to some MobileMe customers, we then reported that Apple addressed the scam in their MobileMe blog. Well Apple Insider is now reporting that round 2 is just begining.
In this latest scam, an email is going around that says there are some issues with the users subscription renewal information. It then goes on to direct them to a link to update their credit card information. You can see the exact email that MobileMe customers are receiving below. Notice there is not a single MobileMe logo?
Here are some great tips from Rene:
REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.
Head on over to Apple Insider for the full story with detailed pictures.
Remember that phishing scam that targeted MobileMe users a while back? The one that may have nabbed hundreds of account holders’ information? Well Apple must, because the latest in their series of MobileMe Updates addresses the issue head on:
You will never receive a message from MobileMe asking you to send personal information over email. If we are ever unable to charge your credit card, for instance, we will send you a reminder email, but will not directly link to any web pages. The safest way to respond and update any necessary information is to type www.me.com into your browser and log in to your account directly. That way you can be confident you are at me.com and your personal information is secure.
Apple further provides a support document on how to better determine the actual destination hidden behind a link, and an email address — reportphishing@apple.com — where users can forward any questionable content for investigation by Apple legal and law enforcement.
Together, MobileMe users can help take a byte out of Apple-targeted crime!
Fail Me, iPhone firmware 2.0.2, apps, and your forum threads!
Phishing attacks, where a bad guy tries to fool you into giving them personal information such as financial account logins, are nothing new on the ‘net. Fake emails leading you to a fake bank site to enter your information so that they (increasingly organized crime, often in Russia or China) can log into your real site and transfer out all your money, then steal your identity and sell it off to second and third tier hackers for other nefarious uses.
This specific attack pretends to come from Apple regarding a MobileMe billing problem, and asks the user to click a link to update their credit card information (which will be promptly stolen). What makes this recent attack particularly dangerous is that MobileMe HAS had billing problems in the recent past, and what with all the other problems associated with the launch, users may be unfortunately prone to believe the phishing attack.
REMEMBER: Don’t EVER believe email requests for secure data. Go to the site yourself (not through their link — type it in) and log in and see if there really is a problem. Check domain names carefully. App1e.com isn’t the same as Apple.com, they’re just hoping you don’t notice. Worried about the recent DNS poisoning attacks? Use HTTPS/SSL or use a direct IP address. If in any doubt, pick up a phone and call Apple (or your credit card company) directly.
Yes, the bad guys are bombing the internet back to the stone age. It’s not a safe browsing world. Be careful and protect your data with the same care you protect real-world valuables.
(via Ars Technica)
