Oct 27, 2010 12:35 GMT

Security researchers from GFI Sunbelt warn of new phishing emails targeting MobileMe users, which direct users to a fake Apple Store website and attempt to trick them into exposing their credit card information.

The fake emails feature the MobileMe logo and an Apple copyright notice, and pose as subscription renewal notifications. They read:

"Welcome,

Just a reminder to renew your MobileMe subscription by October 25, 2010 PDT to avoid interruption of service.

Did you resently [sic.] change your credit card or phone number? To renew your service, log in to MobileMe, And click Account Options. Then click the Login box for your subscription. When you're done, click Billing Info an make sure your credit card information is up to date. It only takes a few minutes, and your credit card won't be charged until the day before your renewal date.

Thanks for being a MobileMe subscriber. We're looking forward for another great year"

Clicking the included Log in button takes users to a fake U.S. Apple Store site where, in addition to exposing their MobileMe login credentials, users are encouraged to input their credit card details.

A billing information update form contains fields for credit card type (VISA, Mastercard, AMEX and Discover), card number, expiration date, three-digit security code, as well as cardholder first name, last name and address.

The "MobileMe subscription renewal" trick continues to be re-used in phishing scams. Similar campaigns were reported in 2008, 2009 and even earlier this year.

Apple is well aware of the attacks and even has an advisory with information on how to identify them.

Amongst other things, the company points out that MobileMe uses Extended Validation SSL (EV SSL) for authentication.

This should be clearly marked in the address bar when visiting the login page and the displayed certificate should belong to Apple Inc.