Forbidden Web

Aug 13, 2008

Apple MobileMe Phishing Scam
US-CERT is aware of public reports of a phishing attack circulating via email messages that appear to be targeting Apple MobileMe users. These messages claim that there is a problem with the user's billing information and instruct the user to follow a web link to update personal information. Clicking on this link directs the user to a web page that contains a seemingly legetimate web form requesting personal and financial information. Any information entered in this form is not sent to Apple but rather, to a malicious attacker.

US-CERT encourages users to do the following to help mitigate the risks:

Do not follow unsolicited web links in email messages.
Use caution when entering sensitive information online.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.