When a Naked Security reader forwarded us a suspicious email he received today, it served as a healthy reminder for all computer users to be on their guard against phishing attacks.
The email claims to come from Apple, and appears to have targeted our correspondent because he is a user of Apple's MobileMe service.
Apple is planning to shut down its MobileMe service in mid-2012, as it is readying its new iCloud service (which will store music, photos, calendars, documents etc in 'the cloud' and wirelessly push them to all of your devices).
Understandably, a lot of MobileMe users are interested in how they will migrate to iCloud and this is the issue that the phishing email uses as bait.
Subject:
Welcome to iCLOUD
Message body:
Important information for MobileMe members.
Dear MobileMe member,
Please sign up for iCloud and click the submit botton, you'll be able to keep your old
email address and move your mail, contacts, calendars, and bookmarks to the new service.Your subscription will be automatically extended through July 31, 2012, at no additional charge.
After that date, MobileMe will no longer be available.Click here to update iCLOUD
Sincerely,
The Apple store Team
If you make the decision to click on the link in the email, however, you are not taken to an official Apple website - but instead a third-party site that is trying hard to present itself in an Apple style.
Yes, it's a phishing website.
And just look what it's asking for: your credit card details, your address, your social security number, your full date of birth, your mother's maiden name and your Apple ID credentials.
Crumbs! Imagine the harm a fraudster could cause with all that information.
Make sure you have your eyes peeled for phishing attacks, and be on your guard regarding unsolicited messages you receive in your inbox. It could be you who gets hit by a phishing attack next.
Follow @gcluley
Hat tip: Thanks to Naked Security reader Jeff for alerting us to this phishing campaign.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
I cannot tell you how much I appreciate this site and all the advice and help you give out. Thank you so much! I have promoted you on my status on FB as I think everyone would benefit by liking your page and getting your alerts! Thanks and regards, Kim
It amazes me that people fall for an email with misspellings and punctuation errors as if Apple would EVER EVER allow that to leave the building.
Every email I receive from Apple addresses me by my full name never as "**** member"
How can we tell a Phishing site? Just by the URL? I'm sure that there are a few that ensure there are no spelling, punctuation, or errors with grammar; even if that means simply paying attention to your spell check.
I admit the "Dear _ _ _ _ user" or "Dear valued customer," might be a hint but still, if someone is a technoidiot they might not clue in.