During the Christmas season, a well-crafted phishing scam targeted Apple users, fooling them into giving up their Apple IDs and billing information, Internet security firm Intego reported in its blog.
The tricky email, which is well-written and grammatically correct (unlike most phishing emails), was sent to many owners of iPhones, iPods and iMacs with "Apple update your Billing Information" in the subject line.
Those who got Apple devices for Christmas, especially, should be more careful when they set up and activate their accounts with the iTunes Store or the Mac App Store for the first time.
This is how the phishing scam works:
After the Apple users open the email, they will find a message claiming to have originated from firstname.lastname@example.org.
The email tells the users that their current billing records are out of date and provides a link to the Apple Store, urging them to click on that link and confirm their billing records. However, if the users click the link, they are directed to a fake Apple sign-in page. Users who received the email said the fake sign-in page is nearly identical to the real sign-in page.
Once the users enter their Apple ID and password, they will be reminded to update their billing account information, especially their credit card information - the ulterior objective of the cyber criminals.
So how do we avoid becoming a victim of this scam? According to Intego, the fake Web site looks similar to the real Apple site, but if one looks closely, one will be able to make out the differences. For instance, if the user pays attention to the page URL, the user will find that the URL isn't Apple's URL (www.apple.com) but a numerical address, and that the address ends with a page named apple.htm, Intego said.
Digital Journal also noted that, as the scammers are not native speakers of a particular language, there are often some spelling errors on the fake page, and sometimes even the region may be wrongly listed.
There are other ways to avoid the phishing scam - Apple users should not click the links in emails, but rather go directly to the official Apple Web site or copy the links into their browsers.
Remember - phishing is one of the biggest cyber crimes dogging Internet users, and the best way to avoid it is to listen to one's gut instinct - if you feel that you're not the intended recipient of the email or find something fishy about the email, chances are that it probably is. Most companies rarely ask their customers to update their information through email, especially out of the blue. So next time you receive a fishy email, do yourself a favor. Don't click on the link provided, no matter how much you're tempted to do so.
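The URL check Intego describes can be automated, for example in a mail filter. The following Python sketch is an added example, not code from Intego or the original article: it parses a link and reports whether its host is the expected domain, a numerical address, or some other domain. The function names, verdict labels and sample URLs are constructed for illustration, and 192.0.2.10 is a documentation-reserved address.

```python
import ipaddress
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "apple.com"  # the legitimate site named in the article


def is_ip_literal(host: str) -> bool:
    """True for dotted IPv4, IPv6, or the bare-integer IPv4 form browsers accept."""
    if host.isascii() and host.isdigit():
        return int(host) < 2**32
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_link(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify the host a link really points to, ignoring path and page name."""
    # urlsplit isolates the host, so "apple" in the path (apple.htm) is ignored.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "no-host"
    if is_ip_literal(host):
        return "numeric-host"
    # Compare whole labels: "notapple.com" and "apple.com.example" must not pass.
    if host == expected or host.endswith("." + expected):
        return "expected"
    return "foreign-domain"


if __name__ == "__main__":
    # Constructed sample links, not taken from the actual campaign.
    samples = [
        "https://www.apple.com/",
        "http://192.0.2.10/apple.htm",
        "http://3221225994/apple.htm",
        "https://apple.com.billing.example/apple.htm",
    ]
    for link in samples:
        print(f"{classify_link(link):15} {link}")
```

Comparing the parsed host label by label, rather than searching the link text for "apple", is what keeps a page named apple.htm or a host that merely starts with apple.com from passing the check.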