phishing
Latest
Examining an iTunes Store account hack
ZDNet has a long report on a recently hacked iTunes account that involved a linked PayPal account. We've seen an increase in the number of hacked iTunes accounts in which people's gift card balance or linked accounts have been mysteriously drained. This report, like many others, leaves us wondering how the hack occurred. Is it a flaw in iTunes that's giving hackers access to accounts, does the user have an insecure password or did the user fall for a phishing scheme that somehow exposed their password? The good news in the ZDNet report is that PayPal already reversed the charges for five of the seven fraudulent transactions. This incident should be a warning for iTunes users -- you still need to guard your iTunes account password closely and you should choose a payment method that lets you easily reverse an unauthorized charge.
Google's gunning for web spammers, bans us from mentioning Bieber
Google's changing its search algorithm to punish sites that emphasize search-engine optimization over quality. Mountain View's data centers will exclude sites that offer no useful content, have articles written in keyword-sprinkled gibberish or only link to sites within a cluster. If the computers find it, the site's pagerank will be demoted, with the company expecting to affect around three percent of all English language queries when it goes live later this week. The company isn't providing more details (lest it help those trying to game the system), so just get all of those gratuitous Justin Bieber references out of your system before Friday, okay?
Cryptic Studios issues security warning in response to database breach
Cryptic Studios, purveyor of Champions Online, Star Trek Online, and the upcoming Neverwinter, has just posted an ominous security warning on its official site. Its new security procedures have recently detected that hackers gained unauthorized access to a user database back in December of 2010. According to the studio, The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident. While Cryptic does not believe additional information (like player names and credit card numbers) was taken, it advises vigilance all the same and warns against phishing scams. We'll keep you posted as we learn more. (Thanks to Geoff for the tip!)
Reminder: Watch out for Mists of Pandaria beta invite scams
Email notifications for the Mists of Pandaria beta have started arriving in people's inboxes -- and this means that we'll likely see an upswing in beta invite scams, as well. If you have received an email stating that you've been invited to participate in the Mists beta, be aware of the following: Don't click any link in the email. Blizzard will never ask you for your account information via email, nor will it usually provide any kind of link to click on. Do head to Battle.net. Type the URL into your browser (don't follow a search or email link) and use the secure login on that page to log into your account. If you have been invited for the first round of Mists beta, you will see your normal World of Warcraft: Cataclysm account listed under your game accounts -- and underneath that, you will see a listing for World of Warcraft: Mists of Pandaria Beta. If you do not see a link to the Mists of Pandaria beta under your game accounts, you are not in this round of testing, and the email you were sent was a fake. The same applies with beta keys as well. If you receive a notification with a beta key, do not click on any links in the email. Go to your Battle.net account as listed above, head to Manage My Games, choose Add or Upgrade a Game, and manually enter the beta key. If the beta key works, you're in; if it doesn't work, you may have been the recipient of a fake key. Remember, any time there is a beta or a trial period for a new game, there will usually be an upswing in attempts to nab accounts, too. Keep your account safe -- and if you made it in the beta, have fun! It's open warfare between Alliance and Horde in Mists of Pandaria, World of Warcraft's next expansion. Jump into five new levels with new talents and class mechanics, try the new monk class, and create a pandaren character to ally with either Horde or Alliance. Look for expansion basics in our Mists FAQ, or dig into our spring press event coverage for more details!
Fake Apple billing email is circulating
Not surprisingly, scammers are targeting Apple customers with a fake phishing email asking them to update their account billing information. People who are new to Apple and probably received their first Mac or iOS device during the holiday season are particularly vulnerable to this scam. This group of customers would not be surprised to receive an email from Apple shortly after they signed up for iTunes for the first time. According to Intego, the email has the same silver coloring as Apple's website and includes the Apple logo to make it look authentic. If you click on the link within the email, you'll travel to a website that closely resembles Apple's website. Of course, there's a login on the fake page that'll steal your Apple ID and password if you make the mistake of logging into the site. On the next page, there's a form that'll steal your credit card information if you willingly submit this information to the fake site. The only way to tell that this email is a scam is to look closely at the URL contained in the email. The link in the email says "store.apple.com", but the underlying URL directs you to page named "apple.htm" on a server that does not belong to Apple. Depending on your email client, you only have to put you pointer over the link to see a pop-up box that'll expose this fake web address. A real link to Apple's website will end in "apple.com" and not some random name or number like the one shown above. To be extra cautious, you should avoid clicking on links in an email and go directly to Apple's website by typing in "store.apple.com" into your web browser. Once you've manually logged into your Apple account, you can then update your billing information, if necessary. [Via CNET]
Daily Update for August 26, 2011
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top stories of the day in three to five minutes, which is perfect for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for listening through iTunes, click here. No Flash? Click here to listen.
MobileMe, iCloud phishing scam making the rounds
There's a new phishing scam going around today involving MobileMe and iCloud. As noted by MacRumors, the scam involves an email that asks users to upgrade their MobileMe accounts to iCloud. The email reads: Dear MobileMe member, Please sign up for iCloud and click the submit botton [sic], you'll be able to keep your old email address and move your mail, contacts, calendars, and bookmarks to the new service. Your subscription will be automatically extended through July 31, 2012, at no additional charge. After that date, MobileMe will no longer be available. Click here to update iCLOUD Sincerely, The Apple store Team Clicking on the iCLOUD button takes the email recipient to a phishing page (an image of it is provided by MacRumors here). The page mimics elements of various Apple billing and shopping cart pages. As is the case with any email asking you to click on a link and enter your password or billing information its usually best to go directly to the company's login page by manually typing in the company's URL in your browser's address field. If the email is legit, you'll usually see the same message once you've logged into your account. Don't take the bait.
The Queue: The one with goombas
Welcome back to The Queue, the daily Q&A column in which the WoW Insider team answers your questions about the World of Warcraft. Alex Ziebart will be your host today. Today is a very special treat. We have your standard-length Queue, plus I answer a very exciting bonus trivia question that has nothing at all to do with World of Warcraft! But you will love it, my gamer pals. You will. Camero asked: In the past week, I've recieved four emails from "Blizzard" all asking me to do something in order to get a Winged Guardian License. I just wanted to confirm that's not true.
iTunes fraud surge hits gift card balances, PayPal accounts
The frustration and questions surrounding iTunes App Store purchase fraud are (unfortunately) continuing. Over the past three weeks, we've received several first-hand reports of accounts with positive gift card balances being unexpectedly drained; often the charges are for in-app purchases for apps such as Section8's World War, Sega's Kingdom Conquest or Kamagames' Texas Poker. Even as Apple is pushing forward with iCloud, questions remain about the security and safety of those millions of accounts. You can read the examples on Apple's discussion boards (stretching from November of 2010 until this week), a series of posts over at Betanews, or coverage at PC Pro -- but many of the stories are similar to the one below. Users who funded their accounts with gift cards saw those balances chewed through with unauthorized purchases; one user with PayPal funding for his account saw over $500 in fake purchases. The in-app buys were for apps the users never downloaded; most claim that their passwords were never compromised and only used for iTunes. Even if phishing or password compromises can explain some of the purchases, it's hard to imagine that all of these accounts were cracked. Here's our first example, from mid-May. If you have similar instances, let us know in the comments or send us a tip. We're asking Apple's media team for answers, if there are any to be had. I bought a $15 iTunes gift card from Apple so I could buy a chat app (Verbs). I also purchased some other apps (Monopoly, mostly because it's cheap, Bumpy Road and loaded a few free apps) which left me with roughly $7-ish dollars remaining in my account. On 5/19, the following happened: I noticed that my store credit had decreased to 51 cents when I went to purchase another app, but thought nothing of it. Actually, my initial thought was maybe a purchase from the past had caught up with me. I wasn't sure. Later that evening I received an iTunes receipt email to the tune of a $99 in-app purchase for a game called "World War". I immediately tweeted about the issue and changed my password. From that I was able to glean info that the app was purchased on 5/18 at 7:59pm. A free app called World War and then a $99 in-app purchase for "1700 honor points." The strange thing is I've never downloaded nor purchased this app myself, it doesn't even exist on my device so this is not a case of the smurf-berries. I emailed Apple support and went to bed because their human-powered support line was closed by 10:30p. Today I called Apple support and was on the line with them for close to 30-40 minutes. I explained everything above to the support person, who at the same time was IM'ing his iTunes store support contacts. They asked me when I had purchased the gift card, I told them at/around the 13th and what my first and last purchase was. I told them the first purchase was for Verbs, the last was Bumpy Road. They investigated further and noticed that prior to the free app + in-app purchase that two $50 store credits were put into my account. At which point the free app was "purchased" along with the in-app purchase of $99 (which equaled to $108 with tax). This raised a flag with them and their Support Manager and they immediately froze my account and escalated my case to Apple's Fraud Dept. The support person says this was the fastest occurrence of this that he has ever seen and he along with others had to deal with the Smurfs case. I'm convinced that they will refund the $7-ish dollars that was there before and they mentioned that the account should only be closed for 24-48 hours. During this time they will be investigating this issue and trying to piece together this on their end. Right now I'm less concerned with the refund and MORE concerned with the app developer and whatever scheme is going on. As for the advice they gave me, basically to change my password (yadda, yadda) and turn off in-app purchases in Settings. They could not, however, explain to me how a free app + in-app purchase was associated with my account. The developer of the app, Section8, are the same outfit who were sued over stealing user data.* A second example, this one featuring multiple PayPal charges totaling over $500: I basically started receiving emails from PayPal saying "You have just sent $44.95 to iTunes" and I was shocked because I did not buy anything. I immediately logged into PayPal and cancelled my payment agreement with iTunes. I received 11 charges of $44.95 each. I have filed a complaint with iTunes and PayPal but I have not received any reply yet. From what I read online, it seems like it is not clear if iTunes has been hacked or if the Sega software used for the hack (which I never downloaded) has been compromised. I never had the feeling that my account had been compromised before. Everything worked perfectly fine, never had strange emails, phishing attempts, etc. Our final report, with gift card balances being drained: Shortly after loading $50 of gift card credit on my itunes account, a remaining balance of $37 (after some earlier purchases) was wiped out by Kamagames Texas Poker chips. I googled the problem and it seems like many many people have experienced the same thing, and a snotty response from Apple about it as well. Everyone affected seems to have been gift card users, or those with a positive itunes balance, rather than money being charged to a credit card. I don't understand how this kind of fraud is being perpetrated but I am angry with Apple for not coming clean about it and explaining the problem given that it clearly seems something more specific than stolen usernames and passwords... The forum linked above is just one of many reporting this issue which seems to have started earlier this month.
Google admits sensitive email accounts have been hacked, some users knew months ago (update: US says no government accounts compromised)
The Contagio security blog posted evidence back in February of targeted attacks against government and military officials on Gmail. Today, nearly four months later, Google has finally admitted this is true: hundreds of personal accounts have been compromised by hackers it believes to be working out of Jinan, the capital of China's Shandong province. The accounts include those of "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists." The hijackers' aim appears to have been to spy on their targets using Google's automatic forwarding function. But unlike the PSN fiasco, Google insists its internal systems "have not been affected." Instead it seems the hackers used a phishing scam, possibly directing users to a spoof Gmail website before requesting their credentials. Google says its own "abuse detection systems" disrupted the campaign -- but in a footnote right down at the bottom of their official blog page they also credit Contagio and user reports. Update: And in comes China's response, courtesy of Foreign Ministry spokesman, Hong Lei. "Allegations that the Chinese government supports hacking activities are completely unfounded and made with ulterior motives." Ok then, that settles that. Update 2: And the saga continues... According to an AP story published earlier today, the Obama administration has stated that the FBI is looking into allegations that hackers broke into Google's email system, but denied that any official government accounts were compromised. A White House spokesman went on to say that government employees are free to use Gmail for personal purposes, and can not be sure who in the administration might have been affected by the attack. Let's just hope they know how to leave the sensitive stuff at the office.
Another phishing email takes on Apple themes
According to MacRumors, yet another Apple-styled phishing email is making the rounds. This one seems to be a lot more insidious than another phishing email that circulated last week. While the earlier email had several aspects to it that were dead giveaways it was fake, this new email could very easily trip up anyone who doesn't pay attention to the latest Apple news. The "from" line says the email comes from Apple.com (noreply@apple.com), lending an air of credulity to it that the earlier email lacked. The message claims to be concerned with the debut of the iPhone 5, and it contains images pulled from various sources around the Web alongside some copy written in a very Apple-y style. Our readers will no doubt recognize these images as fake right away, but they might appear plausible to people who don't follow the news very closely. As such, this email is potentially more dangerous than the one that was circulating last week, particularly since an inviting "check it out" link downloads a Windows executable file that could contain just about anything. It probably seems obvious to us Apple fans, but for everyone else it bears mentioning: Apple doesn't announce new products via email like this, especially not flagship products such as the iPhone. For major product launches, Apple puts on a keynote event that gets wide media coverage; for minor product refreshes, sites like this one get the word out even when Apple doesn't draw much attention to them itself. If you get an email like this that claims to be about the latest and greatest Apple product, but no one else on the internet has discussed it at all, don't bother clicking anything and just delete the message. Better yet, until this latest round of phishing emails gets monkey-stomped into the digital dirt, it's probably a good idea to avoid clicking on anything in any unsolicited messages that appear to be from Apple. If you really want to see what's new on the Apple Store, the URL is very easy to remember: store.apple.com.
New phishing email pretends to be from Apple's online store
We've received several reports today of an email making the rounds that's very likely a phishing scam. The message content is cleverly designed to look like it's coming from the Apple Store, and clicking on any of the links will take you to a website that's even superficially similar to Apple's online store. If you get this email, don't buy anything from its associated website, as there are a few dead giveaways to the inauthenticity of the message. First, the message sender will come up as a random string of characters followed by @live.com. All messages from the Apple Store should have apple.com at the end, and nothing else. The URL that you're directed to if you click anything in the message will eventually resolve to appledownload.com instead of the proper URL, store.apple.com, and you'll find a website that looks sort of like Apple's storefront but is focused seemingly exclusively on software sales. The "about" section on the site is written in quite broken English and claims the business is based in San Francisco. However, a simple WhoIs lookup shows that the site is registered to "Lyubov Bushmakina" in St. Petersburg, Russia. If that's not a red flag, I don't know what is. Bottom line: don't buy anything from this site if you're the least bit paranoid of being defrauded. There's a slim chance the site may be a legitimate software outlet, but by "slim chance" I really mean "snowball's chance on the surface of Venus." Always be wary of emails like this that offer to sell you stuff, especially if there's telltale signs it's not coming from who you think it is at first glance. Update: Commenters have noticed that the email addresses targeted by these phishing attempts are consistent with addresses used to register for MacHeist in the past. In early 2010, MacHeist's then-email processor iContact reported that it was the victim of a security breach that exposed some subscriber email addresses to spammers; it is possible that some of these compromised addresses are now being used for Apple-themed targeted spam. MacHeist no longer uses iContact for email processing.
AppleCare rep tells Ed Bott Mac malware reports are up
An anonymous AppleCare support representative spoke to ZDNet's Ed Bott over the weekend, telling the reporter that complaints about malware infections on the Mac increased significantly in the first half of May. "This last week over 50% of our calls have been about [malware]," said the AppleCare staffer. "In two days last week I personally took 60 calls that referred to Mac Defender." Earlier this month, a new series of malicious software packages with names like "Mac Defender," "Mac Security" and "Mac Protector" began to assault Apple's computing platform. Websites would alert users their Macs were infected and persuade them to download and install "Mac Defender" to protect their computers from the alleged attack. Rather than eliminate malware, these trojans prompt users to provide credit card information to their authors. It's all a scam. Even so, the scam appears to be quite effective. The AppleCare staffer claims many callers believed the warnings from these malware packages were legitimate or came from Apple, and in the last week, call volume for the computer-maker's support lines was up to five times higher than normal. "I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls," the AppleCare representative told Bott. It's unclear from Bott's interview how many callers had actually installed the phony "Mac Defender" software and how many were calling to verify the authenticity of an alert on a website claiming their computers were infected. The AppleCare staffer's facts and figures are notably anecdotal. It's difficult, for example, to reconcile a five-fold increase in call volume since the malware attacks began when only half the calls have to do with "Mac Defender." Although the AppleCare staffer's story sounds a lot like a surfer boasting about a tremendous wave, it's important to use common sense when installing software from the internet. Unlike a virus or worm that sneaks onto a computer without authorization, trojans like "Mac Defender" require an administrator to provide his or her password and knowingly install the malicious software. When TUAW first reported these malware attacks, we offered some helpful tips for avoiding these digital con games. Is this AppleCare representative capitalizing on the latest wave of Mac malware hype and exaggerating his or her story for attention? Or is the "Mac Defender" family of trojans really gaining traction among a community of unsuspecting Mac users? Let us know what you think in the comments.
Xbox Live status warns of phishing in Modern Warfare 2 messages
Don't look so smug, Xbox Live users. You may be able to play games online and download things, but the latest Xbox Live status serves as a reminder that no online service is totally safe from malefactors. "Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2," Microsoft warns. This should be more annoying than harmful, considering that every Modern Warfare 2 player has already had to learn to ignore messages from strangers out of self-preservation. Just be extra vigilant about ignoring people right now, because they might be trying to finagle your password or other personal info. Microsoft says it's "working to resolve the issue."
Epsilon breach exposes TiVo, Best Buy email addresses, spambots stir into action
If you're subscribed to any of TiVo's email-based communiqués, now would be a good time to make sure your spam filters are up to scratch. Epsilon, TiVo's email service provider, has reported the discovery of a security breach that has compromised the privacy of some customers' names and / or email addresses. A rigorous investigation has concluded that no other personal data was exposed, however it's not just TiVo that's affected -- other big names, such as JPMorgan Chase, Citi, US Bank, Kroger, and Walgreens have also seen their users' deets dished out to the unidentified intruder. As we say, no credit card numbers or any other truly sensitive data has escaped, so the only thing you really have to fear is fear itself... and an onslaught of spam. Update: Best Buy and the US College Board have also joined the extremely broad list of affected organizations now, judging by the warning emails they've been sending off to our readers. Valued Best Buy customers should expect an email similar to the scawl posted after the break. Update 2: You can also count Chase Bank customers among those also affected -- not their bank accounts, mind, but their e-mail addresses. [Thanks to everyone who sent this in]
Valve introduces Steam Guard to fight account phishing and hijacking
What's Steam's "number one support issue" according to Valve's Gabe Newell? "Account phishing and hijacking," says the boss. In an effort to combat the theft of digital goods, Valve has announced Steam Guard, a new service that allows users to restrict account management to a specific Intel-powered PC. Using Intel Identity Protection Technology (IPT), a hardware-based feature available in second generation Intel Core processors, Steam Guard users will be notified whenever a different PC attempts to log into or modify their account settings. This should give Steam users "the account security they need as they purchase more and more digital goods," said the filthy rich Newell. Because Steam Guard is hardware-reliant, the service will not be available to all Steam users. Still, Valve's Doug Lombardi expects "to see widespread adoption of hardware-based security like Intel IPT by other service providers" in the future. "If as a customer you are buying movies, music, games, or digital goods, you want to know that they are more secure than your physical goods."
Blizzard posts new account security guide
Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure. To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
Dear Friend: 92 percent of all email is spam, says Symantec
This statistic may or may not come as a surprise, depending on how closely you monitor your email inbox. Symantec has released an estimate that 92 percent of all email is spam, up from 89 percent last year. The good news? Phishing attacks declined 5 percent this year, and if we had to make a guess, we'd say attacks of listening to Phish are on an upswing. Check out another one of our favorite example spams below.
StarCraft 2 phishing scams looking to harvest Battle.net info
Completely unsurprising news now, as your usual thieves and unsavory types have crawled out from the woodwork to capitalize on the launch of the biggest PC title perhaps ever, StarCraft 2: Wings of Liberty. These "people" are sending out phishing emails in the hopes of getting folks' Battle.net account info, all under the guise of helping you get an activation key. It comes with the territory: Battle.net and Blizzard's games are by no means impervious to these scams, nor have they been in the past, but Siliconera's example of one phishing email presents a pretty convincing ruse. Hopefully, in some small way, we can all help fewer people fall prey to this particular trick.
SOE issues security alert for EQII and Station accounts
Ho hum, another week, another email phishing scam, not exactly news right? Well, this time around, Sony Online Entertainment thinks it is serious enough to issue a security alert via the official EverQuest II website, warning players to safeguard their login information and ensure that it is only used on the official SOE site. While details on the new scam aren't clear, it's a safe bet that it has to do with exploiting a similar URL, as SOE explicitly states the legitimate login URL (http://auth.station.sony.com) in its press release. With the explosion in online gaming popularity across diverse cross-sections of the general public in recent years, it's no surprise that account hacking is also on the rise, as gamers are no longer the tech-savvy demographic they once were. If you do suspect that your EQII or Station account has been compromised, you can email or chat live with SOE customer support.
