14 DAY TRIAL // Tom Kelchner writing over at the Sunbelt Blog is signaling that a new phisher is on the loose, sending out fake emails to MobileMe subscribers demanding that they update their credit card information, in what looks like a typical phishing scam. This isn’t, by far, the first (and likely not the last) time MobileMe subscribers are targeted by phishers.
Kelchner reproduced the email purporting to be from Apple, which can be seen below, in italics.
From: Mobile IDisk [[email protected]] [mailto:[email protected]] Date: November 8, 2009 5:25:10 PM CST To: [*****] Subject: **Your subscription expires tomorrow...*
Welcome,
Just a reminder to renew your MobileMe subscription by November 08, 2009 PDT to avoid interruption of service.
*To renew your service, log in to MobileMe, select Account, and click Account Options.*Then click the * Login* box for your subscription. When you're done, click Billing Info and make sure your credit card information is up to date. It takes only a few minutes, and your credit card won't be charged until the day before your renewal date.
Thanks for being a MobileMe subscriber. We're looking forward to another great year. .
http://apple-me.info/
Copyright 2009 Apple Inc. All rights reserved.
Unlike previous cases, significant differences between a real such message from Apple and the phony spam could not be easily spotted. However, according to an old AppleInsider report on a similar matter, "Apple's official email cites the account's User Name, the ending digits of their credit card number, and directs the user to navigate to MobileMe themselves to correct their information within the online account section, rather than providing a link to follow." Users would initiate a MobileMe web session secured via SSL before they are prompted to enter their credit card information, should Apple be the sender of the message.