Phishing Targets MobileMe
March 2009
In another attempt to con MobileMe users into providing their credit card information, a scammer has sent out spam spoofed to appear to come from Apple, which directs users to a fake site designed to look like Apple’s. Users who follow the email link and enter their information on the poorly formatted, fake Apple Web page will be sorry. While sent with a spoofed sender address of noreply@me.com, the spam’s headers indicate that it actually appears to originate from gamma.oxyhosts.com, a server operated by a Web hosting outfit from the United Kingdom. The email contains formatting errors that should immediately tip off users, and directs to a sketchy URL: http.apple-billing.me.uk. The email’s headers that indicate it was sent using Outlook Express, but those are only visible when the user examines the phony email’s raw headers. Of course, Apple itself has also sent out official MobileMe notices containing the same formatting error. Apple also does not sign or encrypt its official emails to users, a step that might help in thwarting the regular phishing attempts that target MobileMe users. While Apple pioneered certificate based security in iChat messaging for its MobileMe users, it has been a laggard in making it easy for users to sign and encrypt their MobileMe email using certificates issued by Apple, despite support in Mail and most other modern email clients to handle this. The significant difference in the real message from Apple over the phony spam is that Apple’s official email cites the account’s User Name, the ending digits of their credit card number, and directs the user to navigate to MobileMe themselves to correct their information within the online account section, rather than providing a link to follow. Doing so would result in the user initiating a MobileMe Web session secured via SSL before they are ever prompted to enter their private account information. There is no SSL security on the fake site users are directed to by the spam. The fraud site is hosted by me.uk, a domain not affiliated with Apple, but which might sound reasonably correct to many users. The domain appears to be registered to “Nike Jegart, co 9 Vista Estrella South, Lamy, NM 87540.”
In another attempt to con MobileMe users into providing their credit card information, a scammer has sent out spam spoofed to appear to come from Apple, which directs users to a fake site designed to look like Apple’s. Users who follow the email link and enter their information on the poorly formatted, fake Apple Web page will be sorry. While sent with a spoofed sender address of noreply@me.com, the spam’s headers indicate that it actually appears to originate from gamma.oxyhosts.com, a server operated by a Web hosting outfit from the United Kingdom. The email contains formatting errors that should immediately tip off users, and directs to a sketchy URL: http.apple-billing.me.uk. The email’s headers that indicate it was sent using Outlook Express, but those are only visible when the user examines the phony email’s raw headers. Of course, Apple itself has also sent out official MobileMe notices containing the same formatting error. Apple also does not sign or encrypt its official emails to users, a step that might help in thwarting the regular phishing attempts that target MobileMe users. While Apple pioneered certificate based security in iChat messaging for its MobileMe users, it has been a laggard in making it easy for users to sign and encrypt their MobileMe email using certificates issued by Apple, despite support in Mail and most other modern email clients to handle this. The significant difference in the real message from Apple over the phony spam is that Apple’s official email cites the account’s User Name, the ending digits of their credit card number, and directs the user to navigate to MobileMe themselves to correct their information within the online account section, rather than providing a link to follow. Doing so would result in the user initiating a MobileMe Web session secured via SSL before they are ever prompted to enter their private account information. There is no SSL security on the fake site users are directed to by the spam. The fraud site is hosted by me.uk, a domain not affiliated with Apple, but which might sound reasonably correct to many users. The domain appears to be registered to “Nike Jegart, co 9 Vista Estrella South, Lamy, NM 87540.”
posted by arkietechs at 9:27 AM
0 Comments:
Post a Comment
<< Home