Welcome to Apple iCloud phishing attacks

Filed Under: Apple, Data loss, Phishing, Privacy, Spam

Apple iCloud phishingWhen a Naked Security reader forwarded us a suspicious email he received today, it served as a healthy reminder for all computer users to be on their guard against phishing attacks.

The email claims to come from Apple, and appears to have targeted our correspondent because he is a user of Apple's MobileMe service.

Apple is planning to shut down its MobileMe service in mid-2012, as it is readying its new iCloud service (which will store music, photos, calendars, documents etc in 'the cloud' and wirelessly push them to all of your devices).

Understandably, a lot of MobileMe users are interested in how they will migrate to iCloud and this is the issue that the phishing email uses as bait.

iCloud phishing email

Subject:

Welcome to iCLOUD

Message body:

Important information for MobileMe members.

Dear MobileMe member,

Please sign up for iCloud and click the submit botton, you'll be able to keep your old
email address and move your mail, contacts, calendars, and bookmarks to the new service.

Your subscription will be automatically extended through July 31, 2012, at no additional charge.
After that date, MobileMe will no longer be available.

Click here to update iCLOUD

Sincerely,

The Apple store Team

If you make the decision to click on the link in the email, however, you are not taken to an official Apple website - but instead a third-party site that is trying hard to present itself in an Apple style.

Phishing website

Yes, it's a phishing website.

And just look what it's asking for: your credit card details, your address, your social security number, your full date of birth, your mother's maiden name and your Apple ID credentials.

Crumbs! Imagine the harm a fraudster could cause with all that information.

Make sure you have your eyes peeled for phishing attacks, and be on your guard regarding unsolicited messages you receive in your inbox. It could be you who gets hit by a phishing attack next.

Hat tip: Thanks to Naked Security reader Jeff for alerting us to this phishing campaign.

, , , ,

You might like

4 Responses to Welcome to Apple iCloud phishing attacks

  1. Kim · 1063 days ago

    I cannot tell you how much I appreciate this site and all the advice and help you give out. Thank you so much! I have promoted you on my status on FB as I think everyone would benefit by liking your page and getting your alerts! Thanks and regards, Kim

  2. NotTellinYou · 1062 days ago

    It amazes me that people fall for an email with misspellings and punctuation errors as if Apple would EVER EVER allow that to leave the building.

  3. tapis · 1062 days ago

    Every email I receive from Apple addresses me by my full name never as "**** member"

  4. Eneicia · 996 days ago

    How can we tell a Phishing site? Just by the URL? I'm sure that there are a few that ensure there are no spelling, punctuation, or errors with grammar; even if that means simply paying attention to your spell check.

    I admit the "Dear _ _ _ _ user" or "Dear valued customer," might be a hint but still, if someone is a technoidiot they might not clue in.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.