email scam
Latest
Don't get hooked by this Apple Store phishing campaign
Apple fans beware! A new email phishing campaign dangling a bogus US$200 Apple Store gift card as bait to snag unsuspecting victims is making the rounds, according to security firm Webroot. The email that arrives (see image above) looks strikingly similar to those that are sent by Apple, using the Apple logo and similar type styles. As usual with phishing campaigns, this deal sounds too good to be true -- all you need to do is click a download link or open an attached file, and voila! A $200 gift card is yours! Well, not really -- instead, performing either task installs Java-based malware that can pull personal data from your computer. That data could be enough to make you the victim of identity theft if you fall for this deadly hook. Apple never just randomly sends out gift cards. In cases where the company has provided gift cards to customers, they're in much smaller amounts and done for some specific reason -- like a rebate on a previous purchase. Apple also never displays a link to an external site or requires the download of an attachment. Another tell -- Apple never refers to customers as "clients." So, if you get an email in the next couple of months telling you about a $200 Apple Store gift card that you've magically received, dump it immediately. Do not click the link, and most assuredly do not look at the attachment. Be sure to pass this warning along to your less tech-savvy friends who might not read TUAW. [via MacNN]
Cryptic Studios issues security warning in response to database breach
Cryptic Studios, purveyor of Champions Online, Star Trek Online, and the upcoming Neverwinter, has just posted an ominous security warning on its official site. Its new security procedures have recently detected that hackers gained unauthorized access to a user database back in December of 2010. According to the studio, The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident. While Cryptic does not believe additional information (like player names and credit card numbers) was taken, it advises vigilance all the same and warns against phishing scams. We'll keep you posted as we learn more. (Thanks to Geoff for the tip!)
