We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Apple iTunes hit by first phishing attack

Identity theft scam targets iTunes users

Apple's iTunes Store is being targeted with sophisticated identity theft attacks for the first time, according to with email security vendor Proofpoint.

Proofpoint executive Andrew Lochart said iTunes users began receiving spammed messages on Monday telling them that they must correct a problem with their iTunes account. A link in the spam leads to a site posing as an iTunes billing update page; that page asks for information including credit card number and security code, US Social Security number and mother's maiden name.

The theft attempt is a new twist on the usual phishing attack, said Lochart. "We've gotten used to seeing the usual companies and brands attacked, like PayPal, eBay and Citibank. But we've never seen Apple as the target."

In a way, said Lochart, the phishing campaign is almost a compliment. "It's probably indicative that the bad guys see Apple's online presence as large enough to be a target. It's part and parcel of the success that Apple has enjoyed lately."

Lochart also speculated that the identity thieves aimed the new attack at iTunes users because of the service's perceived demographics. "I wonder if the bad guys are thinking that [iTunes users] are younger than those for some of the other phished sites, like banks and eBay," said Lochart. "The way that teenagers and young adults use the internet, they show a certain level of trust or openness when they post their name and age and school on MySpace."

On one hand, Lochart added, young people who grew up with the internet are considered technologically savvier than their elders. "But then you see the way they use something like MySpace in a way that's considered risky behaviour."

Although the phoniness of the link to the bogus iTunes account page might be overlooked in the spam email, the URL is clearly not part of the official iTunes domain. "They've actually done a pretty poor job," Lochart, said of the phishers.

Related articles:

Apple iTunes Plus review

All Apple news


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made