iCloud Used as Lure in New Phishing Attack

Apple's upcoming cloud service, iCloud, which will allow users to sync and store their media files, email, contacts, calendars, bookmarks, notes, to-do lists and other data between devices, is being used as lure in a new phishing attack.

According to Sophos, the rogue emails bear a subject of "Welcome to iCLOUD" and have forged headers to appear as originating from an @iCLOUD.com address. They are addressed to current MobileMe users and read:

"Dear MobileMe member, Please sign up for iCloud and click the submit botton, you'll be able to keep your old email address and move your mail, contacts, calendars, and bookmarks to the new service.

"Your subscription will be automatically extended through July 31, 2012, at no additional charge. After that date, MobileMe will no longer be available. Click here to update iCLOUD."

iCloud will indeed replace MobileMe and will be shut down in 2012, albeit on June 30, not July 31. This news has been widely circulated and could give credibility to this attack.

The phishers are hoping that users who heard about iCloud will rush to sign up for the new service and click on the link.

However, in reality, iCloud is only opened for developers on a trial basis for now. The service is expected to go live for the general public towards the end of this year.

The link leads to a spoofed Apple Store page that requests for the billing information to be updated. It has fields for filling in card details, address as well as user and password.

"Make sure you have your eyes peeled for phishing attacks, and be on your guard regarding unsolicited messages you receive in your inbox," advises Graham Cluley, a senior technology consultant at Sophos.