There were quite a few new iPods and iPhones under the Christmas tree this year, so that makes a new phishing scam making the rounds this week all the more dangerous. Security firm Intego says that it is receiving reports of faked Apple emails asking users to update their billing information. They started around Christmas Day.
The message comes with the grammatically incorrect title “Apple update your Billing Information”. The email itself though looks almost identical to a genuine message from the Cupertino, Calif.-based company, complete with a grey page-like background with the Apple logo in the upper right hand corner. The email warns that the user’s billing information is out of date and needs to be updated, also with uncharacteristic bad grammar.
“Failure to update your records will result in billing termination”, the faked message warns. The link provided is a numerical address, and not from apple.com like it should be. Intego says clicking on the link will take the user to a page that looks like a sign-in for Apple, and after signing in the page asks for updated account information, including credit card numbers.
Obviously, filling this out will not only compromise your iTunes account, but your credit card information as well. “We hope you’ll be careful if you’re new to Macs and Apple products”, Intego writes in a blog post from Monday.
As with any email requesting account information, always take all steps to verify that it is legitimate. Links should point to a website on the company’s server, and the security certificate should be assigned to the company in question. Many modern browsers — including Firefox and Chrome — already check for this, and will warn of possible issues or known phishing sites.