While most treat the holidays as a time for goodwill toward all, scammers don’t really seem to have gotten the message. Their latest tactic: a phishing scheme aimed at MobileMe users.
First reported by The Mac Observer, the scam consists of a faked email, ostensibly from Apple’s MobileMe team. It warns that a virus has been found within the user’s iDisk; to keep the virus from spreading, users are instructed to reply to the email with their user name and password. (You can see the full text of the email on The Mac Observer’s website.) Other variations of the email—one supposedly from ISP Frontier Communications—are also floating around.
It's important that if you receive this—or any other questionable-looking email—you don't reply to it; if you already received and replied to such a message, you should change your password immediately. Even if your MobileMe account is not be directly linked to your iTunes Store account, you may use the same password combination—and as bad as it might be for a scammer to get into your mail and calendars, if they get ahold of your Apple ID, they'll have access to your credit card information, purchase history, and more. (You can change your password for your MobileMe account or Apple ID by visiting iforgot.apple.com.)
As a general rule, even if an email looks legitimate, you should never reply with sensitive information or visit a linked website directly through a message; if there’s an actual issue, you’ll likely be able to find it by manually typing the vendor’s URL into your Web browser. (Mac 911 columnist Ted Landau has a few more good tips on keeping yourself safe from scams online.)