The Intego company specializing in security of software of Mac computers announced the "powerful phishing attack" starting in day of Catholic Christmas as a result of which swindlers tried to steal information on credit cards of clients of Apple company.
In the blog Intego describes the mechanism of this attack: to users of Apple recommend to follow the link conducting to information on a status of the balance of payments of its account in Apple. Let's remind that to the account iTunes bank cards of users are linked.
Following such link, "victim" gets on very similar from original the page of an input, and after input of the identifier of Apple and the password the user appears on the page with a request to update an account profile, in particular, to enter data of the credit card. This page looks is also realistic, as well as many of the elements which are contained in it taken from web pages of the official site of Apple. Thus, if to enter the login and the password on a phishing site, swindlers receive them and, therefore, can use them for an input in the official account of the user and get access to its accounts.
Intego notes that messages marked "Apple updates your payment information" were sent from the false e-mail address of "appleid@id.apple.com". Undoubtedly, versions of e-mails from this source in the future can appear.
How to check legitimacy of the address: if to guide the mouse cursor at a hyperlink with the e-mail address, it is possible to see the tooltip balloon in which the real destination address of the link - the chain of four numbers issuing artful intention which define the IP address, but not the link to a mail service within the domain apple.com will be specified. As fairly notes Intego, "if it not something like mail.apple.com (and it can be www.apple.com, store.apple.com, or something else), then the address dummy".
In addition to told before clicking on the link, there is one more method to secure itself – to enter links into a line of the browser, but not to click according to them in e-mails. If to gather in the store.apple.com browser, it is known that it is the legitimate website. If to use safe connection to the website (i.e. any URL beginning with the instruction https: but not http:), the browser will show a fragment of green color in upper the right (or left – depending on the browser) to a corner of an address bar – result of check. There is more: any official site will not request personal information, especially on credit cards, without using the protected connection (SSL).
It is not the first similar swindle recently in the course of which fraudulent mail is represented letters from Apple company. Earlier this month hackers performed less difficult attack: in the fraudulent message of MobileMe of users asked to send the reply letter a name of registration and the password.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |