A “vast phishing attack” that attempts to capture the credit card information of Apple customers was launched on Christmas Day, according to a report from Mac security-software company Intego.
If you click on the link in the message, you will be taken to a realistic-looking sign-in page; then, after entering your Apple ID and password, you’ll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple’s own webpages.
Intego reports that the messages are being sent with the subject “Apple update your Billing Information” from a spoofed email address of “firstname.lastname@example.org,” though of course future emails from the same source might vary somewhat.
If you hover your mouse over the hyperlink in the (impressively forged) email, you’ll see a floating box that reveals the real destination of that link: the telltale chain of four numbers that specifies a numeric IP address, rather than a link to somewhere within the apple.com domain. As Intego rightly points out, “if it’s not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it’s bogus.”
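The hover check described above can be automated for an HTML message body. The following is an added example, not code from Intego or from this article; the function names, the sample message and the `billing.example` host are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def classify_link(href, trusted="apple.com"):
    """Classify a link target: 'trusted', 'numeric-ip' or 'other-domain'."""
    host = (urlsplit(href).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)      # dotted-quad (or IPv6) instead of a name
        return "numeric-ip"
    except ValueError:
        pass
    # Match the domain itself or a subdomain on a dot boundary, never a substring.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    return "other-domain"

class LinkAuditor(HTMLParser):
    """Collect (visible text, href, verdict) for each <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href, classify_link(self._href)))
            self._href = None

def audit(html_body):
    """Return the link records found in html_body."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.links

# Constructed sample; 192.0.2.10 is a reserved documentation address.
SAMPLE = """<p><a href="http://192.0.2.10/signin">store.apple.com</a></p>
<p><a href="https://store.apple.com/account">My account</a></p>
<p><a href="http://apple.com.billing.example/login">Update</a></p>"""

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE):
        print(f"{verdict:12} {text!r} -> {href}")
```

The first sample link shows the mismatch the article describes: the visible text reads store.apple.com while the real destination is a numeric IP address.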
This isn’t the first such scam posing as an email from Apple recently. In a less sophisticated attack earlier this month, a fake MobileMe message requested that users send an email containing their username and password.
In general, you should be skeptical about any email messages, however legitimate they appear to be, that ask you to go to a website or compose an email containing personal data.